Pests of all kinds and how to fight them: After a malware attack some programs can no longer be updated (Windows 7)
03.01.2011, 07:01 | #31
/// Helper Team | Sure, no problem, see you later.
__________________
Regards, rea
*You need help with a malware problem too?* *TB donation account*
A clever saying could stand here. Well .... could!
03.01.2011, 18:55 | #32
So, I've uninstalled those things,
and already fixed; here is the file:

All processes killed
========== OTL ==========
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Quarantine folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\temp folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules\data folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner\Modules folder moved successfully.
C:\Program Files\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files\ESET folder moved successfully.
Folder C:\Users\eugen\AppData\Roaming\SparweltGutschein\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: eugen
->Temp folder emptied: 6040586 bytes
->Temporary Internet Files folder emptied: 308011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90495382 bytes
->Flash cache emptied: 1494 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24492 bytes
RecycleBin emptied: 48034 bytes

Total Files Cleaned = 92,00 mb

OTL by OldTimer - Version 3.2.18.0 log created on 01032011_184847

Files\Folders moved on Reboot...
C:\Users\eugen\AppData\Local\Temp\~DF4CC5.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT03d5a.TMP not found!

Registry entries deleted on Reboot...
03.01.2011, 19:32 | #33
So Java is now up to date, and Foxit runs now too.
And here are the log files: OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS

Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.09.02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M]

[2010.02.01 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions
[2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.03 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions
[2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit
[2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.01.02 20:07:11 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2011.01.02 20:07:11 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira
[2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll
[2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool
[2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url
[2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.03 19:22:19 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.03 19:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.03 19:18:47 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 19:15:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.03 19:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.01.02 20:09:02 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.01.02 20:07:58 | 000,000,878 | ---- | M] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk
[2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe
[2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db
[2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe
[2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe
[2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3
[2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3
[2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3
[2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini

========== Files Created - No Company Name
========== [2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url [2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.02 20:07:58 | 000,000,878 | ---- | C] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk [2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll [2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys [2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache [2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini [2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.01 06:58:07 | 
000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics [2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint [2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit [2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ [2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView [2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org [2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- 
C:\Users\eugen\AppData\Roaming\Red Alert 3 [2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV [2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird [2011.01.03 19:15:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und extras.txt:OTL Logfile: Code:
OTL Extras logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
03.01.2011, 19:32 | #34 |
| So Java is up to date now, and Foxit runs now too. And here are the logfiles: OTL.txt: OTL Logfile:
OTL logfile created on: 03.01.2011 19:25:37 - Run 6
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\eugen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Files\ATK Hotkey\ATKOSD.exe PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.09.02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | 
M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.30 18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass) DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M] [2010.02.01 19:16:06 | 
000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions [2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.01.03 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions [2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com [2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml [2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = 
comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit [2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.03 19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.01.02 20:07:11 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll [2011.01.02 20:07:11 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll [2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\deployJava1.dll [2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira [2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll [2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool [2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.16 20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.16 20:16:27 | 
000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url [2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.03 19:22:19 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 19:19:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 19:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.03 19:18:47 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys [2011.01.03 19:15:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.03 19:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.01.02 20:09:02 | 000,421,441 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2011.01.02 20:07:58 | 000,000,878 | ---- | M] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini ========== Files Created - No Company Name 
========== [2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url [2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.02 20:07:58 | 000,000,878 | ---- | C] () -- C:\Users\eugen\Desktop\ZoneAlarm Security.lnk [2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll [2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys [2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache [2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini [2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.01 06:58:07 | 
000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics [2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint [2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit [2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ [2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView [2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org [2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- 
C:\Users\eugen\AppData\Roaming\Red Alert 3 [2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV [2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird [2011.01.03 19:15:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
and extras.txt: OTL Logfile:
ATTFilter OTL Extras logfile created on: 03.01.2011 19:25:37 - Run 6 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\eugen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,07 Gb Total Space | 20,82 Gb Free Space | 31,04% Space Free | Partition Type: NTFS Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system | "{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = 
rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system | "{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system | "{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system | "{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | 
svc=qwave | app=%systemroot%\system32\svchost.exe | "{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system | "{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | 
app=c:\program files\icq7.2\icq.exe | "{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E7CB68B9-C8A5-40EA-AC3C-FA69351CE3F0}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{E8FC58F6-7496-4308-9BFA-7BE61218B254}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian "{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish "{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese "{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch "{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter 
"{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian "{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech "{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard "{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto 
Updater "{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional "{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese "{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English "{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing "{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins "{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light "{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian "{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU "{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application 
Error Reporting "{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5 "{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish "{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian "{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese "{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista "{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian "{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static "{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control 
Center Localization Finnish "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech "{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC Help Norwegian "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard "{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French "{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone "{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO "{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "ESET Online Scanner" = ESET Online Scanner v3 "Filzip 3.0.6.93_is1" = Filzip 3.06 "Foxit Reader" = Foxit Reader "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "SMSERIAL" = Motorola SM56 Speakerphone Modem "Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test) "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "Zattoo4" = Zattoo4 4.0.5 "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:12:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | 
Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 19:48:53 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 19:48:53 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107 Description = [ System Events ] Error - 02.01.2011 15:11:40 | Computer Name = eugen-PC | Source = DCOM | ID = 10010 Description = Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009 Description = Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.01.2011 15:50:02 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032 Description = Error - 03.01.2011 13:48:48 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034 Description = Error - 03.01.2011 14:01:47 | Computer Name = eugen-PC | Source = DCOM | ID = 10010 Description = Error - 03.01.2011 14:12:42 | Computer Name = eugen-PC | Source = DCOM | ID = 10005 Description = Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009 Description = Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.01.2011 14:15:18 | Computer Name = eugen-PC | Source = DCOM | ID = 10010 Description = < End of report > |
03.01.2011, 20:24 | #35 |
/// Helfer-Team | I'd suggest you uninstall ZoneAlarm and use the Windows Firewall instead. Somehow ZoneAlarm keeps restoring the Conduit entries on your machine; besides, using something like that isn't necessarily an advantage, and the Windows Firewall does a good job. I've picked out Cosinus' links on the subject of personal firewalls, in case you want to look into it more closely:
Die Vertrauensbrecher (c't editorial on Internet security suites and why they are usually no good)
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls › Wiki › ubuntuusers.de
NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de
microsoft.public.de.security.heimanwender FAQ
Once you've uninstalled ZA, I'd like to see fresh OTL logs from you.
|
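The Extras log above shows "EnableFirewall" = 0 for all three FirewallPolicy profiles and "DisableMonitoring" = 1 under Security Center, which is the state a third-party firewall such as ZoneAlarm leaves behind. The following script is an added example, not code from the thread or from the OTL tool: it reads exactly those registry keys plus the live state reported by netsh, so that after the uninstall one can confirm the Windows Firewall is actually back on. It assumes an elevated PowerShell on Vista/7 and the key paths as listed in the log.

```powershell
# Added example (not part of the forum thread): verify Windows Firewall state per profile
# using the same registry keys OTL lists under "Firewall Settings", plus Security Center
# monitoring. Run elevated on Vista/7 after removing the third-party firewall.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$profiles = @('DomainProfile', 'StandardProfile', 'PublicProfile')

foreach ($p in $profiles) {
    $key = Join-Path $base $p
    if (-not (Test-Path $key)) {
        Write-Output "${p}: key missing (firewall policy not present?)"
        continue
    }
    $enable = (Get-ItemProperty -Path $key).EnableFirewall
    if ($enable -eq $null) {
        # Value absent: Windows falls back to its default, which is "enabled".
        $state = 'not set (Windows default: enabled)'
    } elseif ($enable -eq 1) {
        $state = 'enabled'
    } else {
        # This is what the log shows while ZoneAlarm was installed: a registered
        # third-party firewall keeps the built-in one switched off.
        $state = "DISABLED (EnableFirewall = $enable)"
    }
    Write-Output "${p}: ${state}"
}

# Security Center monitoring: DisableMonitoring = 1 (as in the log) suppresses the
# warnings about a missing firewall or antivirus, so a disabled firewall goes unnoticed.
$sc = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
if (Test-Path $sc) {
    $m = (Get-ItemProperty -Path $sc).DisableMonitoring
    Write-Output "Security Center monitoring disabled: $m"
}

# Live state as the firewall service itself reports it (authoritative on Vista/7).
netsh advfirewall show allprofiles state

# Remediation once no third-party firewall remains:
#   netsh advfirewall set allprofiles state on
# and set DisableMonitoring back to 0 so Security Center alerts again.
```

The registry values are only a policy snapshot; the netsh output at the end reflects what the Windows Firewall service is actually enforcing, so the two should agree once ZoneAlarm is gone.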
03.01.2011, 21:16 | #36 |
| Said and done. OTL Logfile:
ATTFilter OTL logfile created on: 03.01.2011 21:09:50 - Run 7 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\eugen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.03 19:23:58 | 006,827,264 | ---- | M] (Foxit Software Company) -- C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 
| ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) 
-- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
OTL Logfile:
app=c:\program files\icq7.2\icq.exe | "{CED46412-83AF-4B53-959F-F735BAB00E1B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{D0263A35-9753-4735-AA3D-43C64835B329}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{DC6EF64C-7E1E-4F85-93C1-4EB1224BBC0C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E7D9546A-207D-40A8-8429-C1C273B4E50E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{EB8F8B06-4C63-4543-A04A-F789C91E2B20}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F22A2463-3668-421B-9FA2-720CCE60D45B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{049DE0EA-163F-2FDB-3E9D-C4B2DF1ED6C0}" = Catalyst Control Center Core Implementation "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{057847EC-F678-553C-23C3-F756D12D94CC}" = CCC Help Hungarian "{06D387CA-93A6-DF48-44F4-DEF679C9773F}" = Catalyst Control Center Localization Polish "{0C4C1082-BED7-9F55-1817-140C358DD2A9}" = CCC Help Japanese "{0E3E1968-69D0-A3C6-6F27-BCD4C55E8877}" = CCC Help Danish "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{0F2ECBF6-E946-D953-C820-216CA7C60766}" = Catalyst Control Center Localization Dutch "{12D57DBB-AF1B-ACB9-C188-0CD15AB88714}" = Catalyst Control Center Localization Norwegian "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1680A88C-184E-771D-B084-475932F722F2}" = Catalyst Control Center Localization Swedish "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate 
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1B9EF5E8-1537-1C02-8E1B-E0F6C8B9804B}" = Catalyst Control Center Graphics Full New "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1D02E648-3981-C46A-C490-7626CBD677E5}" = Catalyst Control Center Localization Italian "{1D0775F7-EAA3-3B04-7E62-5F0B201E7784}" = Catalyst Control Center Localization Czech "{1E4EBAF3-B745-D820-DAA1-A9D994ACEAC1}" = Catalyst Control Center Localization German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{27FA0EA8-B597-6156-3F71-0600589E5DF5}" = Catalyst Control Center Localization Korean "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2EA63C93-C1ED-AA5D-63A4-809AC014130A}" = CCC Help Turkish "{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English) "{324A6FDE-72E6-FE4A-3E96-79FC082FF05C}" = CCC Help Korean "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{44D3E73C-DD4F-E9F5-ED67-6449A95BDAEE}" = Catalyst Control Center Localization Chinese Standard "{471E6731-9F77-7642-6FEE-82BF38572F41}" = Catalyst Control Center Localization Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E2966E3-6CE2-7044-9BBE-69D73C9A5669}" = Catalyst Control Center Localization Turkish "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH 
R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{63F6B4DE-D927-71D2-DB37-E3D57324BFBD}" = Catalyst Control Center Localization Chinese Traditional "{6B170DF1-44D5-EE03-488B-B14022926269}" = Catalyst Control Center Localization Portuguese "{6E6420FE-4C99-3ED5-7519-B5C22B6253BC}" = CCC Help English "{70CB0558-9487-5AFF-A0C7-868A29345FC1}" = Catalyst Control Center Graphics Full Existing "{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C926B5D-DC4A-5E89-5E17-B3A3B1A89BAA}" = Skins "{7C9A109D-C870-F116-A730-D8D36FF0BDE4}" = Catalyst Control Center Graphics Light "{7DD9CFAE-5CF1-9AE0-1318-C08252C13944}" = Catalyst Control Center Localization Hungarian "{7DE47C72-0A60-705B-8CC5-6C97ED457EAD}" = Catalyst Control Center Localization Greek "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{858F597F-0927-DDD2-F997-FAD8D1E35C76}" = ccc-utility "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU "{94FC9A0E-2C2E-A90E-0286-3B89514C1C66}" = CCC Help Polish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5 "{97F38321-6488-7AF4-66E6-D0E54DED4DB5}" = CCC Help German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9B452711-75BD-875D-F364-E422598C7E03}" = Catalyst Control Center Localization Danish "{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A121592B-3807-E758-5707-CEADF57C7DD8}" = CCC Help Italian "{A2C2600A-8AB7-E6C9-246E-DB019DBB537F}" = Catalyst Control Center Localization Japanese "{A416058E-754E-792A-EA8A-28643F2E69E9}" = CCC Help Chinese Traditional "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8A96EA0-6198-66D5-6C5A-0C478374D4FB}" = Catalyst Control Center Localization Thai "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AAD153D6-EA7D-E913-7EDF-441871A7D58B}" = Catalyst Control Center Graphics Previews Vista "{ADE489CC-D322-D86E-E386-DA5E8615EC28}" = CCC Help Dutch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B0544A18-DC32-E7C2-6D53-5DF018A08182}" = CCC Help Swedish "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B4904CE1-9B11-B1E7-55BF-3C14990D5D13}" = Catalyst Control Center Localization Russian "{B4D43702-3A40-3840-61B2-A16C52F6DA23}" = CCC Help Portuguese "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7B16694-9557-6946-6B7D-5C5D19522A16}" = ccc-core-static "{B9290344-051D-CAE7-7D33-C6EC3C5E6F88}" = CCC Help Finnish "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{CB0150AB-0D06-A3CE-F177-00AD5CD88A9A}" = CCC Help Spanish "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E9704D-2D80-9EDC-A9AF-805E5FF4CF3A}" = Catalyst Control Center Localization Finnish "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D6AB9AB2-252C-DDAA-6FDD-75C1D1944848}" = CCC Help Czech "{D847C95B-FD35-A198-A034-1884DDD113F4}" = CCC 
Help Norwegian "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E142866C-701D-CD53-ECEE-E641EA1989C4}" = CCC Help Chinese Standard "{E17E3426-4F92-01EC-13CB-BE4B31F86D5C}" = CCC Help French "{E20921C0-C0EE-1409-DE92-7B93B94EF1F0}" = CCC Help Greek "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E42F19D3-1C46-630E-62AB-302AB9A08C83}" = Catalyst Control Center Localization French "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EA17E7C5-5C86-6DF7-C161-C5C34A2F0E11}" = CCC Help Russian "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone "{FEE3C238-FDAB-4150-85DB-66BDA293DABA}_is1" = Trendpoker 3D - Texas Hold'em Poker - DEMO "{FF5C9C17-2FCA-C04E-67B0-5EAEFD783DD4}" = CCC Help Thai "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "CHIP System-Check-Tool_is1" = CHIP System-Check-Tool 1.1.9.15 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "ESET Online Scanner" = ESET Online Scanner v3 "Filzip 3.0.6.93_is1" = Filzip 3.06 "Foxit Reader" = Foxit Reader "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 
SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "SMSERIAL" = Motorola SM56 Speakerphone Modem "Texas Hold'em Poker (Test)_is1" = Texas Hold'em Poker (Test) "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.09.2010 13:40:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 13:40:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:02:55 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:12:28 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:12:29 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:25:45 | Computer Name = eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 25.09.2010 14:25:45 | Computer Name = 
eugen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ Media Center Events ] Error - 23.05.2010 10:49:45 | Computer Name = eugen-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 02.06.2010 15:33:18 | Computer Name = eugen-PC | Source = McrMgr | ID = 107 Description = [ System Events ] Error - 02.01.2011 15:14:34 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.01.2011 15:50:02 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032 Description = Error - 03.01.2011 13:48:48 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7034 Description = Error - 03.01.2011 14:01:47 | Computer Name = eugen-PC | Source = DCOM | ID = 10010 Description = Error - 03.01.2011 14:12:42 | Computer Name = eugen-PC | Source = DCOM | ID = 10005 Description = Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7009 Description = Error - 03.01.2011 14:12:43 | Computer Name = eugen-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.01.2011 14:15:18 | Computer Name = eugen-PC | Source = DCOM | ID = 10010 Description = Error - 03.01.2011 15:02:08 | Computer Name = eugen-PC | Source = BROWSER | ID = 8032 Description = Error - 03.01.2011 16:04:49 | Computer Name = eugen-PC | Source = DCOM | ID = 10010 Description = < End of report > |
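Added example (an editor's addition, not part of the original thread and not OldTimer's OTL code): a small Python triage helper for OTL logs like the ones in this thread. It flags Security Center values of `DisableMonitoring` = 1 (present under `Monitoring`, `SymantecAntiVirus` and `SymantecFirewall` in the log above), Firefox URL prefs that point at a search-redirect host, and lists inbound firewall rules for the analyst to review. The only redirect host in the list is search.conduit.com, the host whose prefs.js entries the OTL fix earlier in the thread removed; the log in the next post again shows a conduit.com defaulturl with a different ctid, which is why a repeatable check is worth having. The sample log is a handful of lines copied from the logs in this thread (constructed, not a complete report), and whether a given key or rule is actually malicious is not something the log alone settles.

```python
"""Added example for this thread (not from the original posts, not OTL code):
triage helper that reads OTL log text and flags what a helper looks for by eye.
Assumption: SEARCH_REDIRECT_HOSTS holds only search.conduit.com, the host whose
prefs.js entries the OTL fix earlier in the thread removed."""
import re
from urllib.parse import urlparse

# Search hosts treated as unwanted redirectors (constructed from the thread's OTL fix).
SEARCH_REDIRECT_HOSTS = {"search.conduit.com"}

# Firefox prefs whose value is a URL and is a common hijack target.
URL_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage")

SC_KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center[^\]]*)\]")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+):\s*"(.*)"$')
FW_RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"\s*=\s*(.*)$')

# Constructed sample: lines copied from the OTL logs in this thread.
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
"""


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def security_center_findings(text):
    """(registry key, value name, value) for Security Center values that switch
    monitoring off or force a product's status. OTL prints the key on its own
    line and its values below it, so the current key is tracked while walking."""
    findings, current_key = [], None
    for ln in _lines(text):
        m = SC_KEY_RE.match(ln)
        if m:
            current_key = m.group(1)
            continue
        if ln.startswith(("[", "=====")):  # another key or a new section
            current_key = None
            continue
        if current_key is None:
            continue
        m = VALUE_RE.match(ln)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if value == "1" and (name == "DisableMonitoring" or name.endswith("Override")):
            findings.append((current_key, name, value))
    return findings


def search_hijack_findings(text):
    """(pref name, host) for Firefox URL prefs pointing at a redirect host.
    OTL defangs URLs as hxxp://, so that is undone before parsing."""
    findings = []
    for ln in _lines(text):
        m = FF_PREF_RE.match(ln)
        if not m or m.group(1) not in URL_PREFS:
            continue
        host = urlparse(m.group(2).replace("hxxp", "http", 1)).hostname
        if host and host.lower() in SEARCH_REDIRECT_HOSTS:
            findings.append((m.group(1), host.lower()))
    return findings


def inbound_firewall_rules(text):
    """Parse FirewallRules entries ('lport=3390 | protocol=6 | dir=in | app=system |')
    into dicts and keep the inbound ones. Inventory for the analyst, not a verdict."""
    rules = []
    for ln in _lines(text):
        m = FW_RULE_RE.match(ln)
        if not m:
            continue
        fields = {"id": m.group(1)}
        for part in m.group(2).split("|"):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip()] = v.strip()
        if fields.get("dir") == "in":
            rules.append(fields)
    return rules


if __name__ == "__main__":
    for label, items in (("security_center", security_center_findings(SAMPLE_LOG)),
                         ("search_hijack", search_hijack_findings(SAMPLE_LOG)),
                         ("inbound_rules", inbound_firewall_rules(SAMPLE_LOG))):
        print(f"[{label}] {len(items)} hit(s)")
        for item in items:
            print("   ", item)
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with the file's contents; the functions only ever read text, so nothing on the scanned machine is changed. A DisableMonitoring hit says only that the registry value is set, not who set it; stale keys from an uninstalled product and a deliberate change by malware look identical here.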
03.01.2011, 21:16 | #37 |
| After a malware attack, some programs can no longer be updated. Said and done. OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.01.2011 21:09:50 - Run 7 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\eugen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.03 19:23:58 | 006,827,264 | ---- | M] (Foxit Software Company) -- C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE PRC - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe PRC - [2010.12.12 14:29:00 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010.12.12 14:28:58 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.30 18:12:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 
| ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.12 21:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.06.26 19:10:44 | 000,778,240 | ---- | M] () -- C:\Program Files\PowerForPhone\PowerForPhone.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.04.17 05:03:18 | 000,135,168 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.02.15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.09 19:38:36 | 000,049,520 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.18 05:41:34 | 000,843,776 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2006.12.21 08:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2006.11.22 10:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) 
-- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2006.11.02 17:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2006.09.11 11:31:36 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe PRC - [2006.09.08 08:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.11.30 18:12:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.30 18:12:38 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007.05.15 18:47:48 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.12.29 01:17:50 | 000,123,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.30 
18:13:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.15 17:11:31 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.10.15 17:11:21 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.19 06:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass) DRV - [2007.05.24 15:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.04.25 02:28:14 | 000,027,504 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.03.22 07:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.03.05 14:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.03.01 03:04:58 | 000,694,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.02.24 23:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.14 07:11:26 | 001,740,904 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.02.05 12:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.01.24 11:08:40 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2007.01.24 01:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.28 09:17:18 | 000,018,688 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 10:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.10.14 04:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.08.30 02:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 14:29:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 00:26:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 19:24:14 | 000,000,000 | ---D | M] [2010.02.01 19:16:06 | 
000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions [2010.02.01 19:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eugen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.01.03 19:33:08 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions [2010.06.29 16:04:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.29 14:58:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.06.23 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\mozilla\Firefox\Profiles\9pik1lpk.default\extensions\battlefieldheroespatcher@ea.com [2010.12.02 00:19:16 | 000,000,939 | ---- | M] () -- C:\Users\eugen\AppData\Roaming\Mozilla\FireFox\Profiles\9pik1lpk.default\searchplugins\conduit.xml [2011.01.03 19:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2011.01.03 19:08:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.03 19:07:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.01.03 19:23:58 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.03 21:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit [2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.03 
19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira [2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll [2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool [2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.16 
20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.01.03 21:10:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.03 21:06:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.03 21:06:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 21:06:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.03 21:05:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.03 21:05:52 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys [2011.01.03 21:05:00 | 000,000,012 | ---- | M] () 
-- C:\Windows\bthservsdp.dat [2011.01.03 19:24:40 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\eBay.url [2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.03 18:52:42 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.10 10:04:07 | 
008,827,028 | ---- | M] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini ========== Files Created - No Company Name ========== [2011.01.03 19:24:40 | 000,000,200 | ---- | C] () -- C:\Users\Public\Desktop\eBay.url [2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll [2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys [2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache [2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini [2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db 
[2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.02.06 16:12:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics [2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint [2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit [2010.12.29 21:43:13 | 
000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ [2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\IrfanView [2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org [2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3 [2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV [2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird [2011.01.03 21:05:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile:
OTL Extras logfile created on: 03.01.2011 21:09:50 - Run 7 OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\eugen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,07 Gb Total Space | 20,73 Gb Free Space | 30,90% Space Free | Partition Type: NTFS Drive D: | 44,71 Gb Total Space | 14,27 Gb Free Space | 31,90% Space Free | Partition Type: NTFS Computer Name: EUGEN-PC | User Name: eugen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C87A85D-ED90-4786-86DA-D3E0CF0AFF18}" = lport=3390 | protocol=6 | dir=in | app=system | "{12BA91D1-2014-42E8-A143-2BBDAAB28FBE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{3D4D1749-D2F6-4CF8-B405-A5098045143D}" = 
rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{60B812F6-1288-4812-8090-B47CE0C7B32C}" = lport=10244 | protocol=6 | dir=in | app=system | "{69B4A7F7-3F6F-460E-8BB4-C0BA0031A9DC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{714915FD-BC7C-422E-AB41-9A839652D705}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{77CAA091-55E8-47CE-9E54-5EA7D8BFF448}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{842BB2BD-A78A-4564-AA6F-C94DA0AEDC0E}" = rport=10244 | protocol=6 | dir=out | app=system | "{8A7629E3-78BA-4802-94BA-4B759DE10642}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9EF3C954-E937-448E-B898-E305B137CBB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A0C5B489-77A5-4403-A6A8-B9EDFB4643D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1062A3F-5019-4111-AFD1-9D20B7DD0A61}" = lport=3390 | protocol=6 | dir=in | app=system | "{ABC32864-3591-4796-AA67-F6EB3AAF4D00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B58339CD-94E2-41DF-A24D-FAAEF46FCBF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C33C92CA-36F6-4E7A-BFA8-638036FD890D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0168644-59E7-46D0-8CB2-96B00F11ADC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D2325BBC-FA5C-417A-85E3-5B0A0DD99663}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D56CC344-E531-4139-9B9B-F0C01F3CA409}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{D7785132-E819-4678-ABD8-56C038CCA7A6}" = rport=2177 | protocol=6 | dir=out | 
svc=qwave | app=%systemroot%\system32\svchost.exe | "{DD673716-38C0-4FBB-9866-C9872770D5A2}" = rport=10244 | protocol=6 | dir=out | app=system | "{DEA9904B-594F-4EEE-988C-D19697A864B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{EFE2DE28-8E6D-42F3-9344-A54D20347093}" = lport=10244 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{024115AE-CD47-458A-BB62-8823D08D9851}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{049832E6-1800-471A-AF5F-6C845821BCB6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1E666313-E3D4-4715-ADAD-447A2E20C0C6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{3FB40E5F-61FB-4056-B93F-01B54BFC55B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{44B1256A-9EF9-47F0-87DF-2EF96970CAC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{4C3D3814-CB74-4B85-B6B1-5777FE9C7B31}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{50DCCF9B-0A21-4BCC-82E2-6035E25CFBEF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | "{5A125478-81B6-4C90-9CE5-E61DC3DACA24}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | "{8B5756D2-938E-4B67-9CAF-E7E2CA7B4039}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{93F76A8F-BB4D-4CD3-907B-F96774709707}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{980C0DB2-0243-47C7-B126-8551C110F256}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{A64935B9-06C3-4627-92EC-CE89ED7B4E76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{C9AD2570-C4BA-46C0-9332-F6A85FCFD20B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | "{CD33CC15-F9A0-426F-ACF0-5F0704F73254}" = protocol=17 | dir=in | 
< End of report > |
03.01.2011, 21:33 | #38 |
/// Helfer-Team | 1.) Fix with OTL
2.) Windows updates: Please visit the Microsoft Update page with Internet Explorer and download all offered updates via the custom search. Alternatively you can also download the updates with Mozilla Firefox, but for that you need the IE View add-on. Create new logs with OTL, but only post the OTL.txt to me.
Regards, rea |
03.01.2011, 21:56 | #39 |
| So, the fix file: |
03.01.2011, 22:02 | #40 |
| So when I want to run Windows updates, your link tells me to try it under Start - All Programs - Windows Update; there it says no important updates are available. What now? |
03.01.2011, 22:27 | #41 |
/// Helfer-Team | That's okay, post the OTL log to me.
Regards, rea |
04.01.2011, 18:54 | #42 |
| So here is the OTL log: OTL Logfile:
19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira [2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll [2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool [2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.16 
20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.01.04 18:42:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.04 18:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.04 18:42:28 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys [2011.01.04 01:04:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.04 00:10:00 | 000,001,094 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.03 21:53:58 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- 
C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini ========== Files Created - No Company Name ========== [2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll [2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys [2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache [2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini [2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.02.06 16:12:46 | 000,117,248 | 
---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics [2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint [2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit [2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ [2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- 
C:\Users\eugen\AppData\Roaming\IrfanView [2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org [2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3 [2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV [2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird [2011.01.04 01:04:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
04.01.2011, 18:54 | #43 |
so here is the OTL log:
OTL Logfile:
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\eugen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.03 21:07:43 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.01.03 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Foxit [2011.01.03 19:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2011.01.03 19:12:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.03 
19:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.01.03 19:08:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:08:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.03 19:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.01.02 20:07:22 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2011.01.02 13:48:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.12.25 16:40:58 | 000,000,000 | ---D | C] -- C:\_OTL [2010.12.22 19:17:52 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.18 14:37:41 | 000,000,000 | ---D | C] -- C:\Users\eugen\AppData\Roaming\Avira [2010.12.18 14:36:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.12.18 14:36:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.18 14:36:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.12.18 14:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2010.12.18 14:16:21 | 000,032,768 | ---- | C] (*) -- C:\Windows\System32\chipxum.dll [2010.12.18 14:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\CHIP System-Check-Tool [2010.12.16 20:17:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.12.16 20:16:47 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.16 20:16:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2010.12.16 20:16:41 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2010.12.16 
20:16:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2010.12.16 20:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2010.12.16 20:16:35 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.12.16 20:16:35 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.12.16 20:16:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.12.16 20:16:29 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.16 20:16:27 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.16 20:16:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.16 20:16:24 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.12.16 20:16:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.16 20:16:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.02.01 06:58:06 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.01.04 18:42:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.04 18:42:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.04 18:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.04 18:42:28 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys [2011.01.04 01:04:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.04 00:10:00 | 000,001,094 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.03 21:53:58 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.01.03 19:24:16 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.03 19:07:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.01.03 19:07:36 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.03 19:07:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.01 23:04:25 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.31 20:07:21 | 000,050,688 | ---- | M] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.27 17:55:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.27 17:55:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.27 17:55:11 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.27 17:55:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.26 22:15:50 | 019,985,265 | ---- | M] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.23 19:13:08 | 000,024,576 | ---- | M] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.12.22 20:56:19 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.12.22 19:04:42 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\eugen\Desktop\OTL.exe [2010.12.21 19:34:39 | 000,296,448 | ---- | M] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 01:02:27 | 000,252,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.12.10 10:04:07 | 008,827,028 | ---- | M] () -- 
C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:07 | 001,777,838 | ---- | M] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:15:25 | 003,913,092 | ---- | M] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 21:25:06 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini ========== Files Created - No Company Name ========== [2011.01.03 19:24:16 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2011.01.01 23:06:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2010.12.22 19:32:17 | 000,296,448 | ---- | C] () -- C:\Users\eugen\Desktop\5lvc84qm.exe [2010.12.18 14:36:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.12.18 14:16:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\DriveInfo.dll [2010.12.10 21:59:59 | 019,985,265 | ---- | C] () -- C:\Users\eugen\Documents\vlc-1.1.5-win32.exe [2010.12.10 10:03:30 | 008,827,028 | ---- | C] () -- C:\Users\eugen\Desktop\duck_sauce_barbara_streisand_[zaycev-mp3.net].mp3 [2010.12.10 09:17:00 | 001,777,838 | ---- | C] () -- C:\Users\eugen\Desktop\mp4.ma_Desole.mp3 [2010.12.10 09:14:37 | 003,913,092 | ---- | C] () -- C:\Users\eugen\Desktop\01-I-Need-a-Dollar.mp3 [2010.12.09 22:40:00 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys [2010.11.14 17:56:59 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini [2010.10.15 17:11:31 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.15 17:11:21 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.09.29 20:04:23 | 000,000,036 | ---- | C] () -- C:\Users\eugen\AppData\Local\housecall.guid.cache [2010.06.15 17:05:32 | 000,000,174 | ---- | C] () -- C:\Windows\holdemg.ini [2010.06.13 17:40:40 | 000,024,576 | ---- | C] () -- C:\Users\eugen\AppData\Local\WebpageIcons.db [2010.03.16 19:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.02.06 16:12:46 | 000,117,248 | 
---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.03 22:20:47 | 000,050,688 | ---- | C] () -- C:\Users\eugen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.01 06:58:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.02.01 06:44:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.04.18 10:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll [2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.06.03 10:55:52 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Auslogics [2010.02.05 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\CheckPoint [2011.01.03 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Foxit [2010.12.29 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\ICQ [2010.06.29 14:48:04 | 000,000,000 | ---D | M] -- 
C:\Users\eugen\AppData\Roaming\IrfanView [2010.02.22 21:59:50 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\OpenOffice.org [2010.09.29 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Red Alert 3 [2010.06.27 19:23:46 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\RevoluTV [2010.02.01 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\eugen\AppData\Roaming\Thunderbird [2011.01.04 01:04:12 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
04.01.2011, 19:35 | #44 |
/// Helper Team | After a malware attack some programs can no longer be updated Okay, done. Then we should be finished. Finally, the last steps for you: 1.) Tool cleanup with OTL. We will now use OTL's CleanUp! function to remove most of the programs we installed during the cleanup from your system again.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed, so it is OK if these programs are gone. If any are left over, delete them manually. 2.) Clear System Restore
And for the future: Security on the Internet
__________________ regards, rea *Do you also need help with a malware problem?* *TB donation account* A clever saying could stand here. Well .... could! |
04.01.2011, 19:57 | #45 |
| After a malware attack some programs can no longer be updated Hey, that's great, thank you! Could you maybe tell me briefly, in layman's terms, what was going on? |