
Log analysis and evaluation: C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll


17.04.2011, 10:40   #1
Shinichi

First of all, a friendly hello!

I have already found this kind of problem here in the forum, but I do not want to blindly follow random instructions, since my knowledge in this area ranges from thin to non-existent.
For that reason I have opened a new thread and hope that someone will take me on and can help me.
For a few days I have had the problem that this error message (named in the title) appears after booting my computer and tells me that this very file could not be found. I then tried to read up a bit here in the forum. At first I had two of these messages and ran Malwarebytes over my system. I had quite a lot of detections and had them deleted. Unfortunately my brain capacity was no longer sufficient to copy the report. Furthermore, Malwarebytes told me that one file could not be deleted. In any case, after that the problem was reduced to one of these two error messages. I have now used Malwarebytes again and this time saved the report. The error message still persists (Error loading C:\....dll The specified module could not be found).
My computer is giving me quite a headache; I hope that someone can help me.
Thank you in advance for all replies.

Regards

Shinichi

17.04.2011, 12:13   #2
M-K-D-B
/// TB Trainer

My name is M-K-D-B and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you.
  • Please work through all steps one after the other in the given order.
  • Read the instructions carefully. If you have problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Please keep working with me until I tell you that we are finished here.
  • If you do not reply to me within 5 days, I will assume that you no longer need help. I will then delete your thread from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs via right-click "Run as administrator".

I would like to point out that I am still in training here and every reply must first be approved by a member of the competence team. This may cause a slight delay in the replies. Thank you for your patience.

Please read through the following topics:
Then create the requested logfiles. Without the corresponding logfiles nobody here can or will help you.

Thank you for your understanding.

Quote:
I had quite a lot of detections and had them deleted. Unfortunately my brain capacity was no longer sufficient to copy the report.
Open Malwarebytes' Anti-Malware -> click the Logs tab -> post the contents of all logfiles you find there.


17.04.2011, 15:14   #3
Shinichi

Hello M-K-D-B,

thank you very much for wanting to help me!
I am well aware that this involves work, but I am willing to free my computer of these pests. However, you will probably need a lot of patience, since as I said I really have no idea about this kind of thing.
But here are the requested logfiles.
Regards
Shinichi

17.04.2011, 18:22   #4
M-K-D-B
/// TB Trainer

Hello Shinichi,

Step # 1: Notes
Please note the following:
  • It is not necessary to paste the logfiles into a Word document. Almost all logfiles our tools create are saved as so-called text files. Open these text files, copy the contents and paste them directly here into the forum. That saves us work.
  • If you had read the two links in my last reply carefully, you would ideally have posted several more logfiles, such as OTL. We will catch up on that now. Please read all steps carefully and carry them out exactly as described. Thank you.

Step # 2: Run Load.exe
Please download Load.exe

The tool needs an active internet connection, but no open browser
If your firewall complains, please allow the application.
  • Save the file on the desktop.
  • Please close all running programs and browsers and save any open documents.
  • Start Load.exe
    Vista and Win7 users: right-click "Run as administrator"
  • The tool will now download several tools to your desktop.
As soon as the download is finished, TFC.exe will start. Press the Start button in TFC.
TFC will close all open programs. Save all open documents before you press Start
If TFC does not restart the computer, Load.exe will restart the computer.
After the restart, Anleitung.html (found on the desktop) will open automatically. It describes the instructions for the tools.

Step # 3: Answer questions
Please answer the following questions for us:
  • Apart from the error message you already mentioned, are there any other problems? If so, please describe them as well as you can.

Step # 4: Your reply
For further analysis I need, together with your next reply, the logfiles from
  • Defogger,
  • GMER and
  • the two logfiles from OTL (OTL.txt and Extras.txt).
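
The OTL log requested here is what a helper reads to explain a "module could not be found" message at logon: O4 autostart entries whose target file is gone (OTL prints "File not found") and O33 AutoRun commands bound to removable drives. As an added example that is neither part of this thread nor of OTL itself, the Python below classifies such lines; the sample log is constructed from the line shapes OTL produces, and the orphan marker string is taken from those lines.

```python
"""Triage O4 (autostart) and O33 (MountPoints2 AutoRun) lines of an OTL log.

Added example, not code from the thread or from OTL. It reports two things
a helper checks first after a cleanup left "module not found" errors:
  * Run-key entries whose target OTL could not find on disk (orphans), and
  * AutoRun commands still attached to removable-drive mount points.
"""
import re

# Observed O4 shapes (constructed sample lines below follow them):
#   O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
#   O4 - HKCU..\Run: [chknelog]  File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z_]+)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s+(?P<target>.*)$"
)
# Observed O33 shape for the command attached to a mounted drive:
#   O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<command>.*)$'
)

ORPHAN_MARKER = "File not found"  # the text OTL prints for a missing target


def parse_o4(line):
    """Return a dict for an O4 autostart line, or None if the line is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    return {
        "hive": m.group("hive"),
        "key": m.group("key"),
        "name": m.group("name"),
        "target": target,
        "orphan": target == ORPHAN_MARKER,
    }


def parse_o33(line):
    """Return a dict for an O33 AutoRun command line, or None otherwise."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    return {"guid": m.group("guid"), "command": m.group("command").strip()}


def triage(log_text):
    """Split an OTL log into orphaned autostart entries and drive AutoRun commands."""
    orphans, autoruns = [], []
    for line in log_text.splitlines():
        o4 = parse_o4(line)
        if o4 is not None:
            if o4["orphan"]:
                orphans.append(o4)
            continue
        o33 = parse_o33(line)
        if o33 is not None:
            autoruns.append(o33)
    return {"orphans": orphans, "autoruns": autoruns}


# Constructed sample log: a handful of lines in the shapes shown above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Acer Tour Reminder]  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [chknelog]  File not found
O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found
O33 - MountPoints2\{cd3199c9-e665-11dd-9066-001fe23aea48}\Shell - "" = AutoRun
O33 - MountPoints2\{cd3199c9-e665-11dd-9066-001fe23aea48}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O35 - HKLM\..exefile [open] -- "%1" %*
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["orphans"]:
        print(f"orphaned autostart: {entry['hive']}\\{entry['key']} [{entry['name']}]")
    for entry in result["autoruns"]:
        print(f"drive AutoRun {entry['guid']}: {entry['command']}")
```

Orphaned entries are the usual source of a "could not be found" dialog after a cleaner removes the file but not the registry value; the list is a starting point for review, not a removal script.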

17.04.2011, 22:11   #5
Shinichi

Hello M-K-D-B,

sorry that I did not read carefully enough and therefore did not post the OTL logfile. I will be more attentive from now on.

OTL.txt

OTL logfile:
Code:
OTL logfile created on: 17.04.2011 20:53:12 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 50,70 Gb Free Space | 35,14% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 124,89 Gb Free Space | 41,91% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKLM\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:54:47 | 000,000,000 | ---D | M]
 
[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions
[2011.04.17 17:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions
[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.04 10:31:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.26 15:04:48 | 000,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}
[2011.03.30 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash
[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.19 14:45:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.10.04 10:31:38 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com
[2011.03.29 14:50:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com
[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net
[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar
[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis
[2010.08.09 11:29:22 | 000,000,873 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml
[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DigitalPowered Toolbar) - {B317125E-2F10-4388-BF1F-2C31C6CD89ED} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer Tour Reminder]  File not found
O4 - HKLM..\Run: [Apanel]  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [chknelog]  File not found
O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop -  File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2009.08.10 15:40:34 | 000,000,103 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{cd3199c9-e665-11dd-9066-001fe23aea48}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.16 11:30:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 11:30:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.16 11:30:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.16 11:30:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.16 11:30:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.16 11:30:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.16 11:30:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 11:30:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.16 11:30:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:30:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.16 11:30:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.16 11:30:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.16 11:30:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:30:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.16 11:30:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 11:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.16 11:30:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.16 11:30:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.16 11:30:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.16 11:30:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.16 11:30:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 11:29:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 11:29:59 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:29:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:29:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.16 11:29:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.16 11:29:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.16 11:29:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.16 11:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.16 11:29:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.16 11:29:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.16 11:29:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.16 11:29:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 11:29:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.16 11:29:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:29:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.16 11:29:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 11:29:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.16 11:29:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes
[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.14 09:01:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 09:01:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 09:01:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 09:01:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 09:01:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 09:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 02:05:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Xois
[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Iwnevo
[2011.03.23 14:14:02 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 14:14:02 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.17 20:51:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.17 20:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.17 19:29:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.17 19:29:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.17 19:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.17 15:34:22 | 000,233,472 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 12:37:59 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.17 12:37:59 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.17 12:37:59 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.17 12:37:59 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.17 11:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.17 11:28:58 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.17 10:17:49 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.16 11:30:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 11:30:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.16 11:30:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.16 11:30:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.16 11:30:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.16 11:30:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.16 11:30:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 11:30:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.16 11:30:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:30:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.16 11:30:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.16 11:30:00 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.16 11:30:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:30:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.16 11:30:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 11:30:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.16 11:30:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.16 11:30:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.16 11:30:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.16 11:30:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.16 11:30:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 11:29:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 11:29:59 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:29:59 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:29:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.16 11:29:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.16 11:29:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.16 11:29:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.16 11:29:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.16 11:29:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.16 11:29:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.16 11:29:58 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.16 11:29:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 11:29:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.16 11:29:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:29:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.16 11:29:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 11:29:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.16 11:29:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini
[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.22 15:21:30 | 000,000,000 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\chrtmp
[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin
[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini
[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat
[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat
[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.01.20 00:02:56 | 000,233,472 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 48 bytes -> C:\Windows:857B1D3CE2BFC36F

< End of report >
         
--- --- ---



Extras.Txt

OTL Logfile:
OTL Extras logfile created on: 17.04.2011 20:53:12 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 50,70 Gb Free Space | 35,14% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 124,89 Gb Free Space | 41,91% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG, T-Com)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9265EC7A-E74F-4CDF-8A76-E4033AD19FF8}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
"{9D830633-DD90-4848-B43D-4EF669D6F30D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C30F9E5F-F884-4709-8280-9BF784D597AF}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
"{CDB5E889-7B85-4872-A409-1F10550761B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36C6E343-386F-4206-9620-AE09F0637B87}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{37C1A328-628F-440D-BB32-B14E94F9B3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{429E1076-6ED3-4631-A110-E242611ABD04}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{470485FC-DCD2-42E6-838B-540E050DE5C6}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{5A2859D1-F844-4801-BA8A-BDC0BDBFA558}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{6A08AA94-D7A3-4683-87AB-B24381941503}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{718A601A-C322-4255-83C0-FCDA64B2CA6D}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{76D1DCC1-7E94-4A4E-9187-78274AB2BBFC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{868152AE-DA95-4E0E-9108-8CE3109FF356}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{88E99510-3643-4B2E-B7CE-83B61D45F9D8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{9291FD17-F5BA-4322-A18A-4EC9F59C4022}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{99BCA220-9175-484D-BC1C-2B1676046127}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A53B27B6-773D-47E5-AFA9-73C76B7FF3E9}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{A8296857-D3DC-45A0-AEA7-8C9B04B9EB2A}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{AB2224D7-5B2C-4C66-9F80-4C9570629041}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AE04494B-E8AE-437B-9966-C6983DD556F0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{AF92660B-57A0-46FB-885B-3665D19E3912}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{CA400290-A962-4669-95F0-71C5F75DF3A5}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{EB9C78C8-C45B-4B90-80EA-EC8212B374EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001FC252-5D30-956C-D6E3-405B9651B698}" = CCC Help Korean
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0145ABB1-8F13-D85C-EFA7-16AAFD415F07}" = Catalyst Control Center Localization Chinese Standard
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08091134-5478-4F0E-5A1A-470BE72647ED}" = CCC Help Thai
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F72BF6-D1B1-04AF-BBB2-EA2BA6F50EDB}" = CCC Help English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E6F7CFD-5BEB-0828-B1B1-645FA4F292DB}" = Catalyst Control Center Localization Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27005EDF-E80A-7059-81A3-692051625488}" = Catalyst Control Center Localization French
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D4A265B-8CE4-EF70-0C2A-1271119AA5B3}" = Catalyst Control Center Localization Turkish
"{2EA65C2D-0C11-3D8B-46AE-B9092EE7D64C}" = CCC Help Norwegian
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EB3629F-C98A-F5A3-25C2-D47B0EDF2A7C}" = CCC Help Greek
"{2FA6AE84-DFE1-9651-7AEB-2E8C78E5B97D}" = CCC Help Swedish
"{355D4B62-447F-1654-70EE-5DEB8D11D807}" = Catalyst Control Center Localization Danish
"{37EBDFAC-5900-A0AD-CCE9-9A0DDA5682F9}" = Catalyst Control Center Localization Portuguese
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41D87F76-0623-B98E-089E-AD0010369AC1}" = ccc-utility
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45576B9A-D9A9-CCE2-488F-E74A96FA550B}" = CCC Help Turkish
"{472BC165-1990-1963-7AAD-BD4DAA3F293E}" = CCC Help Finnish
"{4B4C56E5-819C-E1EB-B682-2F3EB3C32D88}" = CCC Help Hungarian
"{4C0F2181-4765-D5C5-B665-52E7722C1D18}" = Catalyst Control Center Localization Japanese
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{526B988C-393C-181A-0536-257C6AE70D18}" = CCC Help Portuguese
"{5792B5D9-645A-3309-C848-9BB7A68F1667}" = CCC Help Russian
"{593AF68A-BEDA-BC04-D278-7E020F2E6A6E}" = Catalyst Control Center Localization Dutch
"{5EC29BC7-F0E5-4FA1-864C-D155548B024E}" = Altova StyleVision® 2009  Enterprise Edition
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ED5CFB-7EBF-AEF2-C5FF-DCF2D2AC5A77}" = Catalyst Control Center Core Implementation
"{687C95B4-4670-DEF1-4585-E11CE3AB7C26}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4DC170-69D1-7CE8-EF98-6DCDC887FA1C}" = Catalyst Control Center Localization Spanish
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{75D803F3-2CCA-F91B-F269-1EA77BA56688}" = Catalyst Control Center Localization Chinese Traditional
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CE727EA-498F-B17F-53B6-C695E134C83C}" = Catalyst Control Center Localization Greek
"{7E70195B-0530-EED3-E8FE-237EC86F989E}" = Catalyst Control Center Localization Polish
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program
"{886607CA-3144-493D-1134-EEAAC8D5AAFD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5AEB5F-C533-FD3B-9D35-6FF8BEB91A7E}" = CCC Help Dutch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CB7C96F-22D5-5911-3507-4639ED218CE6}" = CCC Help Polish
"{8FF37D01-3105-690A-C481-06EBED787498}" = Catalyst Control Center Localization Swedish
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D4EB44-3BD8-F35A-14AE-73FB3B491396}" = Catalyst Control Center Localization Italian
"{99AF8AED-2960-B47B-CAA0-1558B5E78D48}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5A6F0F-EBEC-85B1-C3C2-07E84A58E0DD}" = Catalyst Control Center Graphics Light
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A78024C0-8C20-27CB-2B7B-6A60445B61AF}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B231A9E2-9E9C-9226-E483-DD2D725D1BFE}" = Catalyst Control Center Localization Thai
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CBEC53-C913-87E2-D70F-3BABEFB0A080}" = Catalyst Control Center Localization Finnish
"{B92C4887-D617-F6C5-DC4B-94984C23E0ED}" = Catalyst Control Center Graphics Full Existing
"{BD2BA0B1-5448-987E-9562-6C665252714A}" = Catalyst Control Center Localization Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00
"{C03A4F4C-09A2-ADA3-0DE9-F830F636DD4B}" = CCC Help Spanish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6660342-B863-AD6B-3D74-C5466AAF1A5F}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D475C441-82E7-4694-8717-EA8896D6D37A}" = CCC Help Japanese
"{D51FFF33-0F42-72C1-0DFD-220E3B3E4F97}" = CCC Help Chinese Traditional
"{DABC2CCE-5B36-66D2-2CEF-EA2188BE51CF}" = ccc-core-static
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD8E5E2F-2189-3CB5-D048-38102D91C06A}" = Catalyst Control Center Graphics Full New
"{DE247139-8107-31A7-E580-6AFAE183A95F}" = Catalyst Control Center Localization German
"{DEB38E1A-F4E5-4DF0-96F4-4050567A9D09}" = AV Input Selection
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7DA2552-8808-7F25-1A85-AAFDE834CA14}" = CCC Help Czech
"{EB0A38F9-6698-B5D5-949E-E042BBEE763B}" = Catalyst Control Center Localization Hungarian
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F748B133-D25C-14C2-0178-D90703042FDE}" = CCC Help Chinese Standard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F840ACBD-6167-EDD9-FD4D-41A79DF43552}" = Catalyst Control Center Localization Czech
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Any Video Converter_is1" = Any Video Converter 2.6.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"DigitalPowered Toolbar" = DigitalPowered Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free Studio_is1" = Free Studio version 4.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"Graboid Video" = Graboid Video 1.65
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"RealPlayer 12.0" = RealPlayer
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Shockwave" = Shockwave
"Tastenteufel" = Tastenteufel
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2011 20:06:28 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2011 20:06:28 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16208
 
Error - 01.04.2011 20:06:28 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16208
 
Error - 01.04.2011 20:06:29 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2011 20:06:29 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17207
 
Error - 01.04.2011 20:06:29 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17207
 
Error - 01.04.2011 20:06:30 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.04.2011 20:06:30 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18221
 
Error - 01.04.2011 20:06:30 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18221
 
Error - 01.04.2011 20:06:31 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 16.04.2011 05:22:42 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 16.04.2011 05:22:42 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037
Description = 
 
Error - 16.04.2011 05:22:42 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 17.04.2011 04:17:50 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 17.04.2011 04:20:24 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 17.04.2011 04:20:25 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037
Description = 
 
Error - 17.04.2011 04:20:25 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 17.04.2011 05:28:59 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 17.04.2011 05:28:59 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037
Description = 
 
Error - 17.04.2011 05:28:59 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
 
< End of report >
         
--- --- ---



Gmer.Txt

GMER Logfile:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-17 22:39:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD3200AAJS-22B4A0 rev.01.03A01
Running: g2m3e4r.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\pwtcauoc.sys


---- System - GMER 1.0.15 ----

SSDT            9B229C6C                                                                                                                          ZwCreateThread
SSDT            9B229C58                                                                                                                          ZwOpenProcess
SSDT            9B229C5D                                                                                                                          ZwOpenThread
SSDT            9B229C67                                                                                                                          ZwTerminateProcess

INT 0x51        ?                                                                                                                                 844C5BF8
INT 0x61        ?                                                                                                                                 844C5BF8
INT 0x62        ?                                                                                                                                 85E87F00
INT 0x72        ?                                                                                                                                 85E87F00
INT 0x82        ?                                                                                                                                 85E87F00
INT 0x92        ?                                                                                                                                 85E87F00
INT 0xB2        ?                                                                                                                                 844C5BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                     824F59A4 4 Bytes  [6C, 9C, 22, 9B]
.text           ntkrnlpa.exe!KeSetEvent + 3F2                                                                                                     824F5B75 3 Bytes  [9C, 22, 9B]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                     824F5B90 4 Bytes  [5D, 9C, 22, 9B]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                     824F5DA4 4 Bytes  [67, 9C, 22, 9B]
?               System32\Drivers\splb.sys                                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                             8D31341B 5 Bytes  JMP 85E874E0 
.text           alvdiw0b.SYS                                                                                                                      8D377000 22 Bytes  [82, D3, 41, 82, 6C, D2, 41, ...]
.text           alvdiw0b.SYS                                                                                                                      8D377017 137 Bytes  [00, 32, 97, B1, 82, 3D, 95, ...]
.text           alvdiw0b.SYS                                                                                                                      8D3770A1 43 Bytes  [20, 4F, 82, 74, 16, 49, 82, ...]
.text           alvdiw0b.SYS                                                                                                                      8D3770CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text           alvdiw0b.SYS                                                                                                                      8D3770DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text           ...                                                                                                                               

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1548] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                        75FFB37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] kernel32.dll!GetTempFileNameW                                               77391741 5 Bytes  JMP 100018E0 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] kernel32.dll!CreateThread                                                   773CC90E 5 Bytes  JMP 6C677133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogParamW                                               770E72A2 5 Bytes  JMP 050A49D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!GetAsyncKeyState                                                 770E863C 2 Bytes  JMP 6C65DC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!GetAsyncKeyState + 3                                             770E863F 2 Bytes  [57, F5] {PUSH EDI; CMC }
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetWindowsHookExW                                                770E87AD 5 Bytes  JMP 6C6B1FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CallNextHookEx                                                   770E8E3B 5 Bytes  JMP 6C6D7AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!UnhookWindowsHookEx                                              770E98DB 5 Bytes  JMP 6C6FEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!EnableWindow                                                     770ECD8B 5 Bytes  JMP 6C6B9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DefWindowProcA                                                   770EDB88 7 Bytes  JMP 6C679345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExA                                                  770EDC2A 2 Bytes  JMP 6C683173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExA + 3                                              770EDC2D 2 Bytes  [59, F5] {POP ECX; CMC }
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExW                                                  770F1305 5 Bytes  JMP 6C6DFF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!GetKeyState                                                      770F8CB1 5 Bytes  JMP 6C65DAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DefWindowProcW                                                   771003B4 7 Bytes  JMP 6C6D7B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!IsDialogMessageW                                                 77100745 5 Bytes  JMP 6C806406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!TrackPopupMenu                                                   771014F3 5 Bytes  JMP 050A4150 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogParamA                                               771017AA 5 Bytes  JMP 6C805C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!IsDialogMessage                                                  77101847 5 Bytes  JMP 6C8063DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogIndirectParamA                                       771026F1 5 Bytes  JMP 6C805CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogIndirectParamW                                       77109A62 5 Bytes  JMP 6C805CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetKeyboardState                                                 77110987 5 Bytes  JMP 6C806CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!TrackPopupMenuEx                                                 77110CE7 5 Bytes  JMP 050A42B0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamW                                                  771110B0 5 Bytes  JMP 050A4B50 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamW                                          77112EF5 5 Bytes  JMP 6C80590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SendInput                                                        77112F75 5 Bytes  JMP 6C806C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!EndDialog                                                        7711326E 5 Bytes  JMP 6C8066B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetCursorPos                                                     77126FB2 5 Bytes  JMP 6C806D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamA                                                  77128152 5 Bytes  JMP 6C8058AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamA                                          7712847D 5 Bytes  JMP 6C805974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectA                                              7713D4D9 5 Bytes  JMP 6C805831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectW                                              7713D5D3 5 Bytes  JMP 6C8057B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExA                                                    7713D639 5 Bytes  JMP 6C805754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExW                                                    7713D65D 5 Bytes  JMP 6C8056F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!keybd_event                                                      7713D972 5 Bytes  JMP 6C806C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] SHELL32.dll!SHRestricted + D95                                              760489A8 4 Bytes  [37, 01, 40, 67] {AAA ; ADD [EAX+0x67], EAX}
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] SHELL32.dll!SHRestricted + D9D                                              760489B0 8 Bytes  [60, 61, 3F, 67, E1, F6, 3F, ...]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!OleLoadFromStream                                                 75D61E80 5 Bytes  JMP 6C806110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!CoCreateInstance                                                  75D99F3E 5 Bytes  JMP 6C6DB6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!closesocket                                                      772C330C 5 Bytes  JMP 66F4EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!recv                                                             772C343A 5 Bytes  JMP 66F4F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!socket                                                           772C36D1 5 Bytes  JMP 66F4E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!connect                                                          772C40D9 5 Bytes  JMP 66F4E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!getaddrinfo                                                      772C418A 5 Bytes  JMP 66F4E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!send                                                             772C659B 5 Bytes  JMP 66F4E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4600] ntdll.dll!LdrLoadDll                                                           776493A8 5 Bytes  JMP 00E213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4600] kernel32.dll!GetTempFileNameW                                                  77391741 5 Bytes  JMP 100018E0 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4600] kernel32.dll!CreateFileW                                                       773CAECB 5 Bytes  JMP 10002150 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] kernel32.dll!GetTempFileNameW                                               77391741 5 Bytes  JMP 100018E0 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] kernel32.dll!CreateFileW                                                    773CAECB 5 Bytes  JMP 10002150 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!CreateDialogParamW                                               770E72A2 5 Bytes  JMP 045349D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!EnableWindow                                                     770ECD8B 5 Bytes  JMP 6C6B9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!TrackPopupMenu                                                   771014F3 5 Bytes  JMP 04534150 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!TrackPopupMenuEx                                                 77110CE7 5 Bytes  JMP 045342B0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxParamW                                                  771110B0 5 Bytes  JMP 04534B50 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxIndirectParamW                                          77112EF5 5 Bytes  JMP 6C80590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxParamA                                                  77128152 5 Bytes  JMP 6C8058AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxIndirectParamA                                          7712847D 5 Bytes  JMP 6C805974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxIndirectA                                              7713D4D9 5 Bytes  JMP 6C805831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxIndirectW                                              7713D5D3 5 Bytes  JMP 6C8057B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxExA                                                    7713D639 5 Bytes  JMP 6C805754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxExW                                                    7713D65D 5 Bytes  JMP 6C8056F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            84E5A1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                     86D44500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                              844C71F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{47A7ADE3-B642-4C17-9D29-3899857D60D3}                                                          869BA1F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                  85E0D1F8
Device          \Driver\PCI_PNP7131 \Device\00000051                                                                                              splb.sys
Device          \Driver\sptd \Device\47901140                                                                                                     splb.sys
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                  85E0D1F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                                  85E0D1F8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                  85E0D1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{489A8CC2-652A-4F88-A6E8-FAF429845542}                                                          869BA1F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                  85E0D1F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                                  85DE81F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                            844C71F8
Device          \Driver\USBSTOR \Device\00000071                                                                                                  85F031F8
Device          \Driver\USBSTOR \Device\00000071                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                            844C71F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                      85E06500
Device          \Driver\USBSTOR \Device\00000072                                                                                                  85F031F8
Device          \Driver\USBSTOR \Device\00000072                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       84E591F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6                                                                                       84E591F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                            844C71F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                      85E06500
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                            844C71F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                            844C71F8
Device          \Driver\USBSTOR \Device\00000068                                                                                                  85F031F8
Device          \Driver\USBSTOR \Device\00000068                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                            844C71F8
Device          \Driver\USBSTOR \Device\00000069                                                                                                  85F031F8
Device          \Driver\USBSTOR \Device\00000069                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                           869BA1F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                    86A861F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{68B68306-FE2F-4B37-BC10-4ABC839E99FD}                                                          869BA1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                85F5E1F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                  85E0D1F8
Device          \Driver\USBSTOR \Device\0000006c                                                                                                  85F031F8
Device          \Driver\USBSTOR \Device\0000006c                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\USBSTOR \Device\0000006d                                                                                                  85F031F8
Device          \Driver\USBSTOR \Device\0000006d                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                  85E0D1F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                                  85E0D1F8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                  85E0D1F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                  85E0D1F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                  85DE81F8
Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1                                                                                           85F531F8
Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1Port5Path0Target0Lun0                                                                      85F531F8
Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1Port5Path0Target0Lun0                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\fastfat \Fat                                                                                                          86D44500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                            85E881F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                            0xC9 0xEC 0x0A 0x2D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                               C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                   0xF9 0xA7 0x70 0x12 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                            0xEE 0xA5 0x84 0x6C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                               D:\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xE5 0x96 0xCF 0xD5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                   0x68 0x4B 0xD6 0x47 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0x65 0xD4 0x37 0x8B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                0xC9 0xEC 0x0A 0x2D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                   C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                       0xF9 0xA7 0x70 0x12 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                0xEE 0xA5 0x84 0x6C ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                   D:\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xE5 0x96 0xCF 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                       0x68 0x4B 0xD6 0x47 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0x65 0xD4 0x37 0x8B ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}@hapjlkfbdnghfncc  0x6B 0x61 0x62 0x67 ...

---- EOF - GMER 1.0.15 ----



No Defogger.exe was created on my desktop, and even after running a search I couldn't find one. Should I try to download it from the internet? I haven't done that yet, because I wanted to wait for your answer first.

Well then, on to the other problems:

For some time now I have only been able to use Firefox to a limited extent and have to use Internet Explorer to get online. When I open Firefox everything is normal at first, but if I don't use it for even a short time it stops responding, "not responding" is shown at the top and the program simply stops working, so I have to kill it.

From time to time, once the computer has restarted, I get an error message saying I am in offline mode, with the choice between "Retry" and "Cancel"; choosing "Cancel" just shows the message again.

Furthermore, a new message has started appearing: "Some startup programs have been blocked. Programs that require permission to run at Windows startup are blocked by Windows. Click here to view the blocked programs."

New is a problem message (also after booting): "[JavaScript Application] Reference Error: bbyln is not defined".

Sometimes my internet connection doesn't work and I'm told "Internet: local only", but I think that is a problem coming from my router. I just wanted to mention it.

For a while I also couldn't use Windows Explorer; I was told it was being blocked by Windows itself. My Windows Media Player also kept crashing for a while. Both of these problems no longer occur, though.

I hope I haven't taken away all your hope, and I look forward to hearing from you soon!

Regards
Shinichi
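
Reading the hook and device sections of a GMER log takes some practice. The Python script below is an added example for this thread, not code from Trojaner-Board or from GMER itself. Using a few lines copied from the GMER log above as constructed sample input, it parses the `.text` hook lines (a 5-byte `JMP` written over an API prologue, with the module that owns the destination) and the `Device` lines, then reports (a) which non-Microsoft module redirected which API entry points in `iexplore.exe` and (b) which driver files GMER lists in place of a device object's own address, which is how it shows that another driver's code is handling that device's I/O (here StarForce's `sfsync02.sys` and SPTD's `splb.sys`). All function and class names are my own; IEFRAME.dll patching USER32 inside Internet Explorer is the browser's own behaviour, so the summary filters on the vendor string GMER prints.

```python
"""Parse the hook and device sections of a GMER log and summarise third-party patches.

Added example for reading GMER output; not part of the forum thread or of GMER.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample input: a handful of lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!CreateDialogParamW  770E72A2 5 Bytes  JMP 045349D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!EnableWindow        770ECD8B 5 Bytes  JMP 6C6B9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!TrackPopupMenu      771014F3 5 Bytes  JMP 04534150 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxParamW     771110B0 5 Bytes  JMP 04534B50 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxExW       7713D65D 5 Bytes  JMP 6C8056F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
Device          \Driver\atapi \Device\Ide\IdePort0            84E591F8
Device          \Driver\atapi \Device\Ide\IdePort0            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\sptd \Device\47901140                 splb.sys
Device          \FileSystem\Ntfs \Ntfs                        84E5A1F8
"""


class Hook(NamedTuple):
    process: str        # hooked process image
    pid: int
    api: str            # "MODULE!Function" whose prologue was overwritten
    address: int        # address of the patched bytes
    target: int         # where the 5-byte JMP lands
    target_module: str  # module that owns the JMP destination
    vendor: str         # vendor GMER read from that module's version info


class DeviceEntry(NamedTuple):
    driver: str   # driver object, e.g. \Driver\atapi
    device: str   # device object, e.g. \Device\Ide\IdePort0
    owner: str    # 8-digit hex address, or the file name of another driver


HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<path>.+?)\s+"
    r"\((?P<desc>[^/]+)/(?P<vendor>[^)]+)\)\s*$"
)
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\\\S+)\s+(?P<device>\\\S+)\s+(?P<owner>.+?)\s*$"
)
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text: str) -> Tuple[List[Hook], List[DeviceEntry]]:
    """Return the inline-hook entries and device entries found in a GMER log."""
    hooks: List[Hook] = []
    devices: List[DeviceEntry] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(
                m["process"], int(m["pid"]), f'{m["module"]}!{m["func"]}',
                int(m["addr"], 16), int(m["target"], 16), m["path"], m["vendor"],
            ))
            continue
        m = DEVICE_RE.match(line)
        if m:
            owner = m["owner"]
            if not HEX8_RE.match(owner):
                owner = owner.split()[0]   # drop the "(description/vendor)" tail
            devices.append(DeviceEntry(m["driver"], m["device"], owner))
    return hooks, devices


def third_party_hooks(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Map every non-Microsoft module that patched an API to the APIs it hooked.

    IEFRAME.dll redirecting USER32 calls inside iexplore.exe is the browser's own
    doing; the same JMP from a toolbar DLL is what an analyst wants listed.
    """
    out: Dict[str, List[str]] = defaultdict(list)
    for h in hooks:
        if h.vendor != "Microsoft Corporation":
            out[h.target_module].append(h.api)
    return dict(out)


def attached_drivers(devices: List[DeviceEntry]) -> Dict[str, List[str]]:
    """Map each driver file that GMER lists in place of a device's own address
    to the device objects whose I/O it handles."""
    out: Dict[str, List[str]] = defaultdict(list)
    for d in devices:
        if not HEX8_RE.match(d.owner):
            out[d.owner].append(d.device)
    return dict(out)


if __name__ == "__main__":
    hooks, devices = parse_gmer(SAMPLE_LOG)
    for module, apis in third_party_hooks(hooks).items():
        print(f"{module} patched {len(apis)} API entry points: {', '.join(apis)}")
    for drv, devs in attached_drivers(devices).items():
        print(f"{drv} handles I/O for: {', '.join(devs)}")
```

Run against the full Gmer.txt from a scan, `third_party_hooks` lists exactly the modules that a helper would ask about next (here ConduitEngine.dll, which post #6 has the user uninstall), while `attached_drivers` separates copy-protection and disc-emulation drivers such as StarForce and SPTD, which explain the repeated device lines without being malware, from anything unexpected.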


Alt 19.04.2011, 09:43   #6
M-K-D-B
/// TB-Ausbilder

Hello Shinichi,




Step # 1: Answering your questions
Quote:
No Defogger.exe was created on my desktop, and even after running a search I couldn't find one. Should I try to download it from the internet?
We'll take care of that right after this.

Quote:
For some time now I have only been able to use Firefox to a limited extent and have to use Internet Explorer to get online. When I open Firefox everything is normal at first, but if I don't use it for even a short time it stops responding, "not responding" is shown at the top and the program simply stops working, so I have to kill it.
Do you have these problems ONLY with Firefox? Does everything work as it should with IE?

Quote:
Furthermore, a new message has started appearing: "Some startup programs have been blocked. Programs that require permission to run at Windows startup are blocked by Windows. Click here to view the blocked programs."
Have you looked at which programs those are?
The next time that message appears, please click the Blocked startup programs icon and have it show you those programs.

Quote:
New is a problem message (also after booting): "[JavaScript Application] Reference Error: bbyln is not defined".
This error message appears because of leftovers from a Firefox toolbar. We'll take care of that too.

Quote:
I hope I haven't taken away all your hope...
No, you haven't.





Step # 2: Registry cleaners
I see that you have so-called registry cleaners on the system.
In your case Uniblue RegistryBooster 2010.

We do not recommend any kind of registry cleaner under any circumstances.

The reason is simple:

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more.
We read often enough from people seeking help that their system no longer boots after using a registry cleaner.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether a few orphaned registry entries are on the system or not.
  • The constantly advertised speed-up of the system is only partly true, too. You wouldn't notice it.
A so-called false positive from a cleaner can also make your system unbootable.
Destroy the registry and you destroy Windows.

I therefore recommend that you uninstall the software named above and avoid this kind of software in future.





Step # 3: Uninstalling programs
You have software on your computer that makes unauthorised changes to the system and serves no useful purpose. Please make sure to uninstall it.
  • Follow this path: Start -> Control Panel -> Uninstall a program
  • Look in the list for software with the following names
    • Conduit Engine
    • DigitalPowered Toolbar
    and uninstall the program.
  • If you are prompted to restart at the end of the uninstall, do so.




Step # 4: Checking with VirusTotal
Please have the file from the code box checked at VirusTotal.
  • Click Browse
  • Now copy the following into the search field.
    Code:
    C:\Windows\System32\ClearEvent.exe
  • and click Open.
  • Click Send File.
Please wait until the file has been fully uploaded. If you get the following message
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until it says Current status: Finished.

Copy the link from your address bar and post it here.

Repeat the same steps with the following files.
Code:
C:\Windows\jautoexp.dat




Step # 5: Custom scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the following content into the text box.
Code:
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Users\Melissa\AppData\Roaming\Xois /S
C:\Users\Melissa\AppData\Roaming\Iwnevo /S
/md5start
explorer.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the content of OTL.txt here into your thread




Step # 6: Stopping drivers with Defogger
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista users: please right-click and "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger will now prompt for a restart. Confirm with OK.
  • DeFogger now creates a log file on the desktop (defogger_disable).
Please post the content of the log file in your next reply.
When we have finished the clean-up, please start defogger again and click the Re-enable button.





Step # 7: GMER rootkit scan
Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Run the GMER scan
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name).
    Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, untick:
    • IAT/EAT
    • all drives except the system drive (normally only C:\ is ticked)
    • Show all (should be unticked)
  • Start the scan with "Scan". Don't do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!





Step # 8: Answering questions
Please answer the following questions for us:
  • What is this file?
    Code:
    C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
  • You got this file from Megavideo. For what purpose?
  • When searching via Google with IE or Firefox, are you redirected to unwanted sites?




Step # 9: Your feedback
For further analysis I need, together with your next reply,
  • feedback on the uninstallation of the programs named,
  • the two links to the VirusTotal results,
  • the new OTL log file (OTL.txt) and
  • the answers to the questions asked.

Alt 19.04.2011, 19:14   #7
Shinichi

Hello M-K-D-B,

the problem mentioned only occurs in Firefox and does not occur in my Internet Explorer.

When I look at the blocked programs, or rather the blocked program, it shows me that it is Malwarebytes' Anti-Malware.

I was able to remove the programs mentioned without any problems; I must have let them install without realising it, assuming they were offered to me with the Firefox updates. I'll pay more attention to that in future.

The file from Megavideo is part of a video that I must have downloaded at some point while trying to watch something; should I just delete it? None of the problems mentioned occur when I run it.

Here are the requested links:

Quote:
hxxp://www.virustotal.com/file-scan/report.html?id=3278d7329ac8ca6d1b0df8f2dd4c6d74de4395c6d77a77e236d7efb78be20eb2-1303232294

hxxp://www.virustotal.com/file-scan/report.html?id=9d064cdabd47fd34d726d2e115e1f4c78706a8da7c09cf3ba6374c5f7b5922c1-1303232432
OTL log file:
Code:
OTL logfile created on: 19.04.2011 19:23:44 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 51,00 Gb Free Space | 35,35% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 126,61 Gb Free Space | 42,49% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:54:47 | 000,000,000 | ---D | M]
 
[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions
[2011.04.18 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions
[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.04 10:31:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.26 15:04:48 | 000,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}
[2011.03.30 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash
[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.19 14:45:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.10.04 10:31:38 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com
[2011.03.29 14:50:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com
[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net
[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar
[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis
[2010.08.09 11:29:22 | 000,000,873 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml
[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Tour Reminder]  File not found
O4 - HKLM..\Run: [Apanel]  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [chknelog]  File not found
O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop -  File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2009.08.10 15:40:34 | 000,000,103 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell - "" = AutoRun
O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{cd3199c9-e665-11dd-9066-001fe23aea48}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Acer\Empowering Technology\SysMonitor.exe ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: InfoCockpit - hkey= - key= - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes
[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Xois
[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Iwnevo
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.19 19:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.19 19:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.19 18:52:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 18:52:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.19 18:52:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.19 18:52:25 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.18 22:19:25 | 000,040,005 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.18 21:24:54 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 21:24:54 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 21:24:54 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 21:24:54 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 15:52:08 | 000,244,736 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.17 10:17:49 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.18 21:23:54 | 000,040,005 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini
[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.22 15:21:30 | 000,000,000 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\chrtmp
[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin
[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini
[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat
[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat
[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.01.20 00:02:56 | 000,244,736 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2007.04.11 08:32:30 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Acer GameZone Console
[2011.04.11 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Any Video Converter
[2009.11.13 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Blitware
[2009.01.29 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Canneverbe_Limited
[2011.03.13 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\CD Art Display
[2009.06.30 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\DAEMON Tools Lite
[2009.11.05 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\InterTrust
[2011.04.13 11:25:24 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Iwnevo
[2010.09.24 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Leadertech
[2010.05.20 00:30:37 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\lowsec
[2009.04.25 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org
[2009.01.19 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\T-Online
[2009.03.04 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template
[2009.11.13 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Uniblue
[2010.11.05 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\uTorrent
[2011.04.06 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\VMLoad
[2010.10.29 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WindSolutions
[2011.04.07 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Xois
[2011.04.17 10:17:49 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011.04.19 18:51:09 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.03.12 11:45:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.06.11 05:14:37 | 000,000,000 | ---D | M] -- C:\Acer
[2009.01.19 22:13:37 | 000,000,000 | ---D | M] -- C:\AcerSW
[2007.04.11 17:09:19 | 000,000,000 | ---D | M] -- C:\Book
[2009.11.10 21:12:29 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.19 22:06:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.01 20:58:07 | 000,000,000 | ---D | M] -- C:\Downloads
[2007.04.11 17:09:19 | 000,000,000 | ---D | M] -- C:\DRV
[2011.03.20 23:13:44 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.06.20 13:57:42 | 000,000,000 | ---D | M] -- C:\FPC
[2011.04.06 22:47:18 | 000,000,000 | ---D | M] -- C:\Hotspot Shield
[2009.04.19 12:12:49 | 000,000,000 | ---D | M] -- C:\L10SAVES
[2009.01.20 19:55:41 | 000,000,000 | ---D | M] -- C:\MyVideos
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.19 18:52:24 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.15 18:09:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.19 22:06:56 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.19 19:25:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.10 20:15:06 | 000,000,000 | ---D | M] -- C:\temp
[2011.04.13 13:08:49 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.19 18:49:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2009.11.05 23:29:48 | 000,000,000 | ---D | M] -- C:\Programme\802.11 Wireless LAN
[2007.04.11 08:55:19 | 000,000,000 | ---D | M] -- C:\Programme\Acer Arcade Live
[2011.04.06 23:01:43 | 000,000,000 | ---D | M] -- C:\Programme\Acer GameZone
[2008.10.06 06:48:50 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated
[2007.04.11 09:03:35 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2010.11.30 15:00:09 | 000,000,000 | ---D | M] -- C:\Programme\Activision
[2011.03.02 18:02:07 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2009.04.03 17:01:27 | 000,000,000 | ---D | M] -- C:\Programme\Adobe Media Player
[2009.08.15 11:23:35 | 000,000,000 | ---D | M] -- C:\Programme\AGEIA Technologies
[2009.03.16 16:01:10 | 000,000,000 | ---D | M] -- C:\Programme\Alcohol Soft
[2009.02.10 19:29:03 | 000,000,000 | ---D | M] -- C:\Programme\Altova
[2009.01.20 00:28:26 | 000,000,000 | ---D | M] -- C:\Programme\Any Video Converter
[2010.10.29 12:09:04 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2010.05.21 16:39:32 | 000,000,000 | ---D | M] -- C:\Programme\ArcSoft
[2007.04.11 08:26:39 | 000,000,000 | ---D | M] -- C:\Programme\ATI
[2007.04.11 08:28:28 | 000,000,000 | ---D | M] -- C:\Programme\ATI Technologies
[2010.02.04 11:31:00 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2010.09.29 12:44:40 | 000,000,000 | ---D | M] -- C:\Programme\AVS4YOU
[2009.08.12 21:52:51 | 000,000,000 | ---D | M] -- C:\Programme\Baphomets Fluch II
[2009.05.02 20:48:50 | 000,000,000 | ---D | M] -- C:\Programme\BearShare Applications
[2011.04.06 22:40:26 | 000,000,000 | ---D | M] -- C:\Programme\BitTorrent
[2010.10.29 12:05:32 | 000,000,000 | ---D | M] -- C:\Programme\Bonjour
[2011.04.13 12:42:18 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2009.02.20 20:04:41 | 000,000,000 | ---D | M] -- C:\Programme\coolspot AG
[2011.04.12 18:24:19 | 000,000,000 | ---D | M] -- C:\Programme\Counter-Strike 1.6 V40
[2007.04.11 08:49:57 | 000,000,000 | ---D | M] -- C:\Programme\CyberLink
[2009.06.29 22:29:01 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Toolbar
[2011.04.13 12:51:32 | 000,000,000 | ---D | M] -- C:\Programme\Defraggler
[2007.04.11 09:33:20 | 000,000,000 | ---D | M] -- C:\Programme\DIFX
[2011.04.12 18:25:40 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2009.06.07 12:58:42 | 000,000,000 | ---D | M] -- C:\Programme\DNA
[2011.04.12 18:37:39 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft
[2011.04.12 18:33:02 | 000,000,000 | ---D | M] -- C:\Programme\EA GAMES
[2009.02.10 19:22:07 | 000,000,000 | ---D | M] -- C:\Programme\Elaborate Bytes
[2011.03.15 00:37:58 | 000,000,000 | ---D | M] -- C:\Programme\Enterbrain
[2011.04.17 21:55:34 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT
[2007.04.11 09:28:48 | 000,000,000 | ---D | M] -- C:\Programme\eSobi
[2009.01.19 22:06:56 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2011.04.13 12:41:21 | 000,000,000 | ---D | M] -- C:\Programme\Google
[2010.05.10 19:23:25 | 000,000,000 | ---D | M] -- C:\Programme\id Software
[2011.04.06 23:15:34 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2011.04.17 10:18:51 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2010.10.29 15:52:02 | 000,000,000 | ---D | M] -- C:\Programme\iPod
[2010.10.29 15:53:41 | 000,000,000 | ---D | M] -- C:\Programme\iTunes
[2009.08.15 23:39:20 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2009.11.12 20:27:49 | 000,000,000 | ---D | M] -- C:\Programme\K-Lite Codec Pack
[2011.04.15 15:11:19 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.04.13 18:10:27 | 000,000,000 | ---D | M] -- C:\Programme\Maxis
[2011.04.13 12:06:14 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2010.01.07 21:50:55 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2011.04.13 12:11:48 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2011.03.03 04:21:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight
[2009.11.24 17:16:22 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server Compact Edition
[2009.11.24 17:18:27 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Sync Framework
[2011.04.13 12:11:44 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2011.04.13 12:11:48 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2010.08.13 19:38:07 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2010.12.16 04:16:14 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker 2.6
[2009.09.27 11:25:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla ActiveX Control v1.7.12
[2011.03.24 10:54:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2010.01.02 16:37:31 | 000,000,000 | ---D | M] -- C:\Programme\MSECache
[2009.01.19 23:07:22 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2009.04.25 11:34:53 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3
[2010.10.29 12:11:45 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2009.12.06 21:43:34 | 000,000,000 | ---D | M] -- C:\Programme\Real
[2007.04.11 09:10:23 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2009.11.04 23:51:16 | 000,000,000 | ---D | M] -- C:\Programme\Replay Media Catcher
[2009.02.20 20:16:50 | 000,000,000 | ---D | M] -- C:\Programme\SecretCity 3DChat
[2010.11.05 14:40:18 | 000,000,000 | ---D | M] -- C:\Programme\Sid Meier's Civilization V
[2009.01.21 16:55:16 | 000,000,000 | ---D | M] -- C:\Programme\SiteAdvisor
[2009.03.11 18:22:28 | 000,000,000 | ---D | M] -- C:\Programme\T-Online
[2009.11.13 18:08:29 | 000,000,000 | ---D | M] -- C:\Programme\Uniblue
[2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2010.11.04 13:11:26 | 000,000,000 | ---D | M] -- C:\Programme\Vampire The Masquerade - Redemption
[2009.01.20 12:30:11 | 000,000,000 | ---D | M] -- C:\Programme\Veoh Networks
[2009.01.20 00:27:01 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2011.04.06 22:58:38 | 000,000,000 | ---D | M] -- C:\Programme\VMLoad
[2009.01.20 16:02:24 | 000,000,000 | ---D | M] -- C:\Programme\vtplus
[2010.02.03 13:45:57 | 000,000,000 | ---D | M] -- C:\Programme\Winamp
[2009.11.10 21:04:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2009.11.10 21:04:23 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2009.11.10 21:04:12 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.11.10 21:04:23 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2009.11.24 17:19:00 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2009.06.16 18:36:12 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2011.04.15 03:26:46 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2010.10.15 18:51:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2009.01.19 22:06:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2009.11.10 21:04:19 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2009.11.18 18:56:06 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices
[2009.11.10 21:04:24 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2009.01.20 12:44:14 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR
[2009.09.30 14:13:24 | 000,000,000 | ---D | M] -- C:\Programme\WinTV
[2008.10.06 06:46:53 | 000,000,000 | ---D | M] -- C:\Programme\YUAN
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Users\Melissa\AppData\Roaming\Xois /S >
 
< C:\Users\Melissa\AppData\Roaming\Iwnevo /S >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-19 08:25:48
 
<  >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 48 bytes -> C:\Windows:857B1D3CE2BFC36F

< End of report >
         
--- --- ---


GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-19 20:00:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 WDC_WD3200AAJS-22B4A0 rev.01.03A01
Running: g2m3e4r.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\pwtcauoc.sys


---- System - GMER 1.0.15 ----

SSDT            888D8ABC                                                                                                                          ZwCreateThread
SSDT            888D8AA8                                                                                                                          ZwOpenProcess
SSDT            888D8AAD                                                                                                                          ZwOpenThread
SSDT            888D8AB7                                                                                                                          ZwTerminateProcess

INT 0x51        ?                                                                                                                                 844C4BF8
INT 0x61        ?                                                                                                                                 844C4BF8
INT 0x62        ?                                                                                                                                 85E32F00
INT 0x72        ?                                                                                                                                 85E32F00
INT 0x82        ?                                                                                                                                 85E32F00
INT 0x92        ?                                                                                                                                 85E32F00
INT 0xB2        ?                                                                                                                                 844C4BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                     824C29A4 4 Bytes  [BC, 8A, 8D, 88]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                     824C2B74 4 Bytes  [A8, 8A, 8D, 88]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                     824C2B90 4 Bytes  [AD, 8A, 8D, 88]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                     824C2DA4 4 Bytes  [B7, 8A, 8D, 88]
?               System32\Drivers\spmm.sys                                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                             8DB1141B 5 Bytes  JMP 85E324E0 
.text           atsecl1w.SYS                                                                                                                      8DB75000 22 Bytes  [82, 73, 7D, 82, 6C, 72, 7D, ...]
.text           atsecl1w.SYS                                                                                                                      8DB75017 137 Bytes  [00, 32, 97, B1, 82, 3D, 95, ...]
.text           atsecl1w.SYS                                                                                                                      8DB750A1 43 Bytes  [F0, 4B, 82, 74, E6, 45, 82, ...]
.text           atsecl1w.SYS                                                                                                                      8DB750CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text           atsecl1w.SYS                                                                                                                      8DB750DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text           ...                                                                                                                               

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1576] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                        760BB37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            84E5A1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                     87036500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                              844C61F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{47A7ADE3-B642-4C17-9D29-3899857D60D3}                                                          86C321F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                  85E7E1F8
Device          \Driver\PCI_PNP1468 \Device\00000051                                                                                              spmm.sys
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                  85E7E1F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                                  85E7E1F8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                  85E7E1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{489A8CC2-652A-4F88-A6E8-FAF429845542}                                                          86C321F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                  85E7E1F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                                  85E7D1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                            844C61F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                            844C61F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                      85E8F500
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                84E591F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       84E591F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7                                                                                       84E591F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                            844C61F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                      85E8F500
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                            844C61F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                            844C61F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                            844C61F8
Device          \Driver\USBSTOR \Device\00000069                                                                                                  85E2F1F8
Device          \Driver\USBSTOR \Device\00000069                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\sptd \Device\2650615477                                                                                                   spmm.sys
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                           86C321F8
Device          \Driver\USBSTOR \Device\00000077                                                                                                  85E2F1F8
Device          \Driver\USBSTOR \Device\00000077                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\USBSTOR \Device\00000078                                                                                                  85E2F1F8
Device          \Driver\USBSTOR \Device\00000078                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                    86CEC1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{68B68306-FE2F-4B37-BC10-4ABC839E99FD}                                                          86C321F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                85F381F8
Device          \Driver\USBSTOR \Device\0000006a                                                                                                  85E2F1F8
Device          \Driver\USBSTOR \Device\0000006a                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                  85E7E1F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                  85E7E1F8
Device          \Driver\USBSTOR \Device\0000006e                                                                                                  85E2F1F8
Device          \Driver\USBSTOR \Device\0000006e                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\usbohci \Device\USBFDO-2                                                                                                  85E7E1F8
Device          \Driver\USBSTOR \Device\0000006f                                                                                                  85E2F1F8
Device          \Driver\USBSTOR \Device\0000006f                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                  85E7E1F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                  85E7E1F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                  85E7D1F8
Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1Port5Path0Target0Lun0                                                                      85F361F8
Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1Port5Path0Target0Lun0                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1                                                                                           85F361F8
Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\fastfat \Fat                                                                                                          87036500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                            86BE81F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                            0xC9 0xEC 0x0A 0x2D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                               C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                   0xF9 0xA7 0x70 0x12 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                            0xEE 0xA5 0x84 0x6C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                               D:\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xE5 0x96 0xCF 0xD5 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                   0x68 0x4B 0xD6 0x47 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0x65 0xD4 0x37 0x8B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                0xC9 0xEC 0x0A 0x2D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                   C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                       0xF9 0xA7 0x70 0x12 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                0xEE 0xA5 0x84 0x6C ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                   D:\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xE5 0x96 0xCF 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                       0x68 0x4B 0xD6 0x47 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0x65 0xD4 0x37 0x8B ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending                                  1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}@hapjlkfbdnghfncc  0x6B 0x61 0x62 0x67 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


Many thanks,

Regards
Shinichi

Old 20.04.2011, 12:54   #8
M-K-D-B
/// TB Trainer
 
C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll - Standard

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll



Hello Shinichi,




Step # 1: File-sharing programs
I can see that you are using so-called peer-to-peer or file-sharing programs.

In your case BitTorrent and DNA.

These programs allow you to exchange data with other users.

Unfortunately, p2p or file sharing is not exempt from distributing infected files, and it is one reason why malware spreads so quickly.
So it is possible that you download an infected file. You can never know where these files come from. Therefore this kind of software should be used with the utmost caution.

Another important point is that distributing media and entertainment files violates copyright law in most countries of the world.
Of course there is also a legal way to use this service, for example to download Linux or Open Office.
Nevertheless, I would ask you not to continue using this kind of software.
Please go to

Start --> Control Panel --> Add or Remove Programs

and uninstall the software named above.

Please let me know if you cannot find one of the listed programs. Do you still use these programs at all?





Step # 2: Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
[2010.10.04 10:31:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.26 15:04:48 | 000,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}
[2011.03.30 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash
[2011.01.19 14:45:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.10.04 10:31:38 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com
[2011.03.29 14:50:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com
[2010.08.09 11:29:22 | 000,000,873 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [chknelog]  File not found
O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found
[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Xois
[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Iwnevo
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 48 bytes -> C:\Windows:857B1D3CE2BFC36F

:commands
[Purity]
[Emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.




Step # 3: Run ComboFix
ComboFix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even more difficult.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important !! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system-tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleaning is performed.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the licence agreement (EULA) when prompted.
**For information: if the Recovery Console is already installed, ComboFix will continue its malware-removal procedure normally.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.





Step # 4: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry select Use Safe List and click the Scan button.
  • Post OTL.txt and Extras.txt here in your thread.




Step # 5: Answer the questions
Quote:
When I look at the blocked, or rather the locked, program, it tells me that it is Malwarebytes' Anti-Malware.
You can safely run Malwarebytes' Anti-Malware. Click on the message -> choose Run program. Tick Do not show this message again.

Quote:
The file from Megavideo is part of a video that I probably downloaded at some point while trying to watch something; should I just delete it?
No, you don't have to. I just wanted to know what it is. As long as you know about it and there are no problems with it, that's fine.

Quote:
I was able to delete the programs mentioned without problems, ...
Does that also apply to Uniblue Registry Booster?





Step # 6: Your feedback
For further analysis I need, together with your next reply,
  • feedback regarding the use of file-sharing programs,
  • the log file of the OTL fix,
  • the log file from ComboFix,
  • the two new log files from OTL (OTL.txt and Extras.txt) and
  • the answers to the questions asked.

Old 20.04.2011, 22:23   #9
Shinichi
 
C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll - Standard

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll



Hello M-K-D-B,

This morning I received an error message which I had forgotten to mention, since it had not appeared for a long time. However, this problem did already occur frequently, almost permanently, on one day.
I was told that Windows Explorer had stopped working and needed to be restarted. This was, however, before I carried out the steps you gave today.

I could not uninstall BitTorrent and DNA, since they were not shown among the programs to edit/uninstall. Besides, I am firmly convinced that I already uninstalled BitTorrent a little while ago, as I considered this program unnecessary because I no longer use it. What DNA is, and when or why I installed it, I do not know, and it was not shown to me either. Uniblue Registry Booster could be uninstalled without problems.

Quote:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\2.bin not found.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\chknelog deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe deleted successfully.
C:\Users\Melissa\AppData\Roaming\Xois folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Iwnevo folder moved successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\Windows:857B1D3CE2BFC36F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Melissa
->Temp folder emptied: 4043449 bytes
->Temporary Internet Files folder emptied: 690896272 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 16040352 bytes
->Flash cache emptied: 1585 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9649 bytes
RecycleBin emptied: 1265514077 bytes

Total Files Cleaned = 1.885,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04202011_222726

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Combofix Logfile:
ComboFix 11-04-20.01 - Melissa 20.04.2011  22:44:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1791.1023 [GMT 2:00]
ausgeführt von:: c:\users\Melissa\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Melissa\AppData\Roaming\chrtmp
c:\windows\system32\skinboxer43.dll
J:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-20 bis 2011-04-20  ))))))))))))))))))))))))))))))
.
.
2011-04-20 20:54 . 2011-04-20 20:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-20 20:27 . 2011-04-20 20:27	--------	d-----w-	C:\_OTL
2011-04-19 16:49 . 2011-04-19 16:49	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2011-04-19 08:25 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DE13662-E882-4CEA-B292-949635B8582C}\mpengine.dll
2011-04-17 19:55 . 2011-04-17 19:55	--------	d-----w-	c:\program files\ERUNT
2011-04-15 13:11 . 2011-04-15 13:11	--------	d-----w-	c:\users\Melissa\AppData\Roaming\Malwarebytes
2011-04-15 13:11 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 13:11 . 2011-04-15 13:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-15 13:11 . 2011-04-15 13:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-15 13:11 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-14 00:05 . 2011-02-02 16:11	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-13 10:51 . 2011-04-13 10:51	--------	d-----w-	c:\program files\Defraggler
2011-03-23 12:14 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:14 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-23 12:14 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 23:35 . 2009-11-02 17:57	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 149280]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-1-20 110647]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-11 535336]
Wireless Configuration Utility HW.32.lnk - c:\windows\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2009-11-5 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2008-01-09 16:43	326176	----a-w-	c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-02 04:00	203928	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	d:\daemon tools lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]
2009-04-29 14:11	268800	------w-	c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\ic_start.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-06 19:43	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-01-26 17:46	2633976	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-10-01 162304]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~1\SECRET~1\\SECRET~1.EXE
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-20 22:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2682020467-2822555498-3201927298-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}*]
"hapjlkfbdnghfncc"=hex:6b,61,62,67,67,61,6c,69,63,64,6c,6c,65,6b,69,70,6a,6b,
   6f,63,67,6b,00,00
.
Zeit der Fertigstellung: 2011-04-20  22:59:03
ComboFix-quarantined-files.txt  2011-04-20 20:59
.
Vor Suchlauf: 17 Verzeichnis(se), 54.924.656.640 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 56.619.708.416 Bytes frei
.
- - End Of File - - 0F9AF2AC4FAC8BFA7724750F5CD313BE


OTL Logfile:
OTL logfile created on: 20.04.2011 23:00:29 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 52,78 Gb Free Space | 36,58% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 127,88 Gb Free Space | 42,91% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:54:47 | 000,000,000 | ---D | M]
 
[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions
[2011.04.20 22:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions
[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net
[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar
[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis
[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\{ECDEE021-0D17-467F-A1FF-C7A115230949}
File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.20 22:54:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop -  File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.20 22:59:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.20 22:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.20 22:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.20 22:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.20 22:42:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.04.20 22:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.20 22:39:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.20 22:27:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.16 11:30:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 11:30:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.16 11:30:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.16 11:30:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.16 11:30:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.16 11:30:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.16 11:30:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 11:30:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.16 11:30:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:30:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.16 11:30:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.16 11:30:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.16 11:30:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:30:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.16 11:30:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 11:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.16 11:30:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.16 11:30:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.16 11:30:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.16 11:30:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.16 11:30:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 11:29:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 11:29:59 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:29:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:29:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.16 11:29:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.16 11:29:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.16 11:29:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.16 11:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.16 11:29:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.16 11:29:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.16 11:29:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.16 11:29:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 11:29:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.16 11:29:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:29:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.16 11:29:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 11:29:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.16 11:29:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes
[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.14 09:01:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 09:01:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 09:01:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 09:01:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 09:01:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 09:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 02:05:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.03.23 14:14:02 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 14:14:02 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.20 22:54:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.20 22:37:54 | 004,325,372 | R--- | M] () -- C:\Users\Melissa\Desktop\ComboFix.exe
[2011.04.20 22:32:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.20 22:32:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 22:32:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 22:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.20 22:32:21 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 22:21:31 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.20 22:21:31 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.20 22:21:31 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.20 22:21:31 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.20 22:20:25 | 000,247,296 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.20 22:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.20 00:26:48 | 000,040,504 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.19 19:33:17 | 000,050,477 | ---- | M] () -- C:\Users\Melissa\Desktop\Defogger.exe
[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.16 11:30:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 11:30:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.16 11:30:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.16 11:30:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.16 11:30:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.16 11:30:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.16 11:30:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 11:30:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.16 11:30:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:30:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.16 11:30:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.16 11:30:00 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.16 11:30:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:30:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.16 11:30:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 11:30:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.16 11:30:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.16 11:30:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.16 11:30:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.16 11:30:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.16 11:30:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 11:29:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 11:29:59 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:29:59 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:29:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.16 11:29:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.16 11:29:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.16 11:29:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.16 11:29:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.16 11:29:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.16 11:29:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.16 11:29:58 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.16 11:29:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 11:29:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.16 11:29:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:29:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.16 11:29:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 11:29:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.16 11:29:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.20 22:42:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.20 22:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.20 22:42:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.20 22:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.20 22:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.20 22:35:23 | 004,325,372 | R--- | C] () -- C:\Users\Melissa\Desktop\ComboFix.exe
[2011.04.19 19:33:16 | 000,050,477 | ---- | C] () -- C:\Users\Melissa\Desktop\Defogger.exe
[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.18 21:23:54 | 000,040,504 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini
[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin
[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini
[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat
[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat
[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.01.20 00:02:56 | 000,247,296 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 20.04.2011 23:00:29 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 52,78 Gb Free Space | 36,58% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 127,88 Gb Free Space | 42,91% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9265EC7A-E74F-4CDF-8A76-E4033AD19FF8}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 
"{9D830633-DD90-4848-B43D-4EF669D6F30D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C30F9E5F-F884-4709-8280-9BF784D597AF}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 
"{CDB5E889-7B85-4872-A409-1F10550761B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36C6E343-386F-4206-9620-AE09F0637B87}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{37C1A328-628F-440D-BB32-B14E94F9B3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{429E1076-6ED3-4631-A110-E242611ABD04}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{470485FC-DCD2-42E6-838B-540E050DE5C6}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{5A2859D1-F844-4801-BA8A-BDC0BDBFA558}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{6A08AA94-D7A3-4683-87AB-B24381941503}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{718A601A-C322-4255-83C0-FCDA64B2CA6D}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{76D1DCC1-7E94-4A4E-9187-78274AB2BBFC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{868152AE-DA95-4E0E-9108-8CE3109FF356}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{88E99510-3643-4B2E-B7CE-83B61D45F9D8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{9291FD17-F5BA-4322-A18A-4EC9F59C4022}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{99BCA220-9175-484D-BC1C-2B1676046127}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A53B27B6-773D-47E5-AFA9-73C76B7FF3E9}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{A8296857-D3DC-45A0-AEA7-8C9B04B9EB2A}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{AB2224D7-5B2C-4C66-9F80-4C9570629041}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{AE04494B-E8AE-437B-9966-C6983DD556F0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{AF92660B-57A0-46FB-885B-3665D19E3912}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{CA400290-A962-4669-95F0-71C5F75DF3A5}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{EB9C78C8-C45B-4B90-80EA-EC8212B374EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001FC252-5D30-956C-D6E3-405B9651B698}" = CCC Help Korean
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0145ABB1-8F13-D85C-EFA7-16AAFD415F07}" = Catalyst Control Center Localization Chinese Standard
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08091134-5478-4F0E-5A1A-470BE72647ED}" = CCC Help Thai
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F72BF6-D1B1-04AF-BBB2-EA2BA6F50EDB}" = CCC Help English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E6F7CFD-5BEB-0828-B1B1-645FA4F292DB}" = Catalyst Control Center Localization Korean
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27005EDF-E80A-7059-81A3-692051625488}" = Catalyst Control Center Localization French
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D4A265B-8CE4-EF70-0C2A-1271119AA5B3}" = Catalyst Control Center Localization Turkish
"{2EA65C2D-0C11-3D8B-46AE-B9092EE7D64C}" = CCC Help Norwegian
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EB3629F-C98A-F5A3-25C2-D47B0EDF2A7C}" = CCC Help Greek
"{2FA6AE84-DFE1-9651-7AEB-2E8C78E5B97D}" = CCC Help Swedish
"{355D4B62-447F-1654-70EE-5DEB8D11D807}" = Catalyst Control Center Localization Danish
"{37EBDFAC-5900-A0AD-CCE9-9A0DDA5682F9}" = Catalyst Control Center Localization Portuguese
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41D87F76-0623-B98E-089E-AD0010369AC1}" = ccc-utility
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45576B9A-D9A9-CCE2-488F-E74A96FA550B}" = CCC Help Turkish
"{472BC165-1990-1963-7AAD-BD4DAA3F293E}" = CCC Help Finnish
"{4B4C56E5-819C-E1EB-B682-2F3EB3C32D88}" = CCC Help Hungarian
"{4C0F2181-4765-D5C5-B665-52E7722C1D18}" = Catalyst Control Center Localization Japanese
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{526B988C-393C-181A-0536-257C6AE70D18}" = CCC Help Portuguese
"{5792B5D9-645A-3309-C848-9BB7A68F1667}" = CCC Help Russian
"{593AF68A-BEDA-BC04-D278-7E020F2E6A6E}" = Catalyst Control Center Localization Dutch
"{5EC29BC7-F0E5-4FA1-864C-D155548B024E}" = Altova StyleVision® 2009  Enterprise Edition
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ED5CFB-7EBF-AEF2-C5FF-DCF2D2AC5A77}" = Catalyst Control Center Core Implementation
"{687C95B4-4670-DEF1-4585-E11CE3AB7C26}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4DC170-69D1-7CE8-EF98-6DCDC887FA1C}" = Catalyst Control Center Localization Spanish
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{75D803F3-2CCA-F91B-F269-1EA77BA56688}" = Catalyst Control Center Localization Chinese Traditional
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CE727EA-498F-B17F-53B6-C695E134C83C}" = Catalyst Control Center Localization Greek
"{7E70195B-0530-EED3-E8FE-237EC86F989E}" = Catalyst Control Center Localization Polish
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program
"{886607CA-3144-493D-1134-EEAAC8D5AAFD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5AEB5F-C533-FD3B-9D35-6FF8BEB91A7E}" = CCC Help Dutch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CB7C96F-22D5-5911-3507-4639ED218CE6}" = CCC Help Polish
"{8FF37D01-3105-690A-C481-06EBED787498}" = Catalyst Control Center Localization Swedish
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97D4EB44-3BD8-F35A-14AE-73FB3B491396}" = Catalyst Control Center Localization Italian
"{99AF8AED-2960-B47B-CAA0-1558B5E78D48}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5A6F0F-EBEC-85B1-C3C2-07E84A58E0DD}" = Catalyst Control Center Graphics Light
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A78024C0-8C20-27CB-2B7B-6A60445B61AF}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B231A9E2-9E9C-9226-E483-DD2D725D1BFE}" = Catalyst Control Center Localization Thai
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CBEC53-C913-87E2-D70F-3BABEFB0A080}" = Catalyst Control Center Localization Finnish
"{B92C4887-D617-F6C5-DC4B-94984C23E0ED}" = Catalyst Control Center Graphics Full Existing
"{BD2BA0B1-5448-987E-9562-6C665252714A}" = Catalyst Control Center Localization Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00
"{C03A4F4C-09A2-ADA3-0DE9-F830F636DD4B}" = CCC Help Spanish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6660342-B863-AD6B-3D74-C5466AAF1A5F}" = CCC Help Italian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D475C441-82E7-4694-8717-EA8896D6D37A}" = CCC Help Japanese
"{D51FFF33-0F42-72C1-0DFD-220E3B3E4F97}" = CCC Help Chinese Traditional
"{DABC2CCE-5B36-66D2-2CEF-EA2188BE51CF}" = ccc-core-static
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD8E5E2F-2189-3CB5-D048-38102D91C06A}" = Catalyst Control Center Graphics Full New
"{DE247139-8107-31A7-E580-6AFAE183A95F}" = Catalyst Control Center Localization German
"{DEB38E1A-F4E5-4DF0-96F4-4050567A9D09}" = AV Input Selection
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7DA2552-8808-7F25-1A85-AAFDE834CA14}" = CCC Help Czech
"{EB0A38F9-6698-B5D5-949E-E042BBEE763B}" = Catalyst Control Center Localization Hungarian
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F748B133-D25C-14C2-0178-D90703042FDE}" = CCC Help Chinese Standard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F840ACBD-6167-EDD9-FD4D-41A79DF43552}" = Catalyst Control Center Localization Czech
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Any Video Converter_is1" = Any Video Converter 2.6.7
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CloneDVD2" = CloneDVD2
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"Free Studio_is1" = Free Studio version 4.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"Graboid Video" = Graboid Video 1.65
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"RealPlayer 12.0" = RealPlayer
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Shockwave" = Shockwave
"Tastenteufel" = Tastenteufel
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.04.2011 10:17:06 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4095, Zeitstempel
 0x4d852c62, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x1548, Anwendungsstartzeit
 01cbf9e3ecdb9d0a.
 
Error - 13.04.2011 11:44:31 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel
 0x4c8e2d72, fehlerhaftes Modul ASAudio.ax, Version 1.3.1.99, Zeitstempel 0x479055c1,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00010876,  Prozess-ID 0x1458, Anwendungsstartzeit
 01cbf9f196be71fa.
 
Error - 13.04.2011 16:18:33 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19019, Zeitstempel
 0x4d0c3d4c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x160c, Anwendungsstartzeit
 01cbfa17ea13ccda.
 
Error - 13.04.2011 16:18:36 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19019, Zeitstempel
 0x4d0c3d4c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x17e4, Anwendungsstartzeit
 01cbfa17f5e1587a.
 
Error - 13.04.2011 17:30:18 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1778  Anfangszeit: 01cbf9efbb78ad0a  Zeitpunkt der Beendigung:
 175
 
Error - 14.04.2011 09:32:53 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 64c  Anfangszeit: 01cbfaa6c5592324  Zeitpunkt der Beendigung:
 11
 
Error - 14.04.2011 11:09:50 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 6dc  Anfangszeit: 01cbfab14a6c7994  Zeitpunkt der Beendigung:
 14
 
Error - 14.04.2011 17:11:20 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1750  Anfangszeit: 01cbfae7c35e5404  Zeitpunkt der Beendigung:
 23
 
Error - 14.04.2011 17:58:48 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fd4  Anfangszeit: 01cbfaece3ced344  Zeitpunkt der Beendigung:
 14
 
Error - 14.04.2011 17:58:49 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4095, Zeitstempel
 0x4d852c62, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x10c, Anwendungsstartzeit
 01cbfaeced18e854.
 
[ System Events ]
Error - 20.04.2011 04:19:37 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 20.04.2011 11:14:27 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 20.04.2011 16:27:28 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.04.2011 16:32:21 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 20.04.2011 16:32:21 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037
Description = 
 
Error - 20.04.2011 16:32:21 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033
Description = Edid checksum error
 
Error - 20.04.2011 16:39:53 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 20.04.2011 16:44:15 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.04.2011 16:50:21 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.04.2011 16:54:42 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >
         
--- --- ---


Regards,
Shinichi

PS: I noticed a change under your name. Instead of TB-Senior it now says MalwareTeam; has someone perhaps successfully completed their training? If my guess is right, I would like to congratulate you.

Alt 20.04.2011, 23:45   #10
M-K-D-B
/// TB-Ausbilder
 
Hello Shinichi,

Now we'll take care of a few leftovers.

Step # 1: Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following contents into the text box.
Code:
:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
C:\Programme\BitTorrent
C:\Programme\DNA
C:\Programme\DVDVideoSoft
C:\DVDVideoSoft
C:\Users\Melissa\AppData\Roaming\uTorrent
C:\Users\Melissa\AppData\Roaming\Uniblue

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" =-
"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" =-

:commands
[Reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Step # 2: Answering questions
Quote:
I noticed a change under your name. Instead of TB-Senior it now says MalwareTeam; has someone perhaps successfully completed their training? If my guess is right, I would like to congratulate you.
Your guess is correct. Many thanks for the congratulations.

Please answer the following questions for me:
  • Start Firefox -> under Tools, select Add-ons. Which add-ons are shown? Please list them for me.
  • Do you still get the error message when starting the computer that the file C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll could not be found?
  • Do you still have the problem that Firefox stops responding after a while?
  • Does this error message still appear as well?
    Quote:
    There is a new problem message (also after booting): "[Java Skript-Anwendung] Reference Error:bbyln is not defined".
Thank you.





Step # 3: System scan with OTL
  • Please start OTL.exe and press the Quick Scan button.
  • Post the OTL.txt here in your thread.




Step # 4: Your feedback
For further analysis, I need the following along with your next reply:
  • the log file of the OTL fix,
  • the answers to the questions asked and
  • the new OTL log file (OTL.txt).
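
The firewall entries that the `:reg` stanza of the fix deletes (the bittorrent.exe authorized application and the two btdna.exe rule GUIDs) come straight from the OTL report posted earlier. As an added example that is not part of this thread, of OTL or of the helper's instructions, the Python script below parses those two report sections and generates the same `=-` deletion lines for a given set of program directories; the sample lines are a constructed excerpt of the report above, and the directory list is an assumption matching the programs removed in the fix.

```python
import re
from typing import Dict, List

# Constructed excerpt of the OTL report posted earlier in this thread: the
# authorized-application entry and a few FirewallRules lines, copied verbatim.
SAMPLE_LOG = r'''
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CDB5E889-7B85-4872-A409-1F10550761B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37C1A328-628F-440D-BB32-B14E94F9B3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{99BCA220-9175-484D-BC1C-2B1676046127}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')          # [HKEY_...] header
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')     # "name" = value

AUTH_APPS_KEY = (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess'
                 r'\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List')
RULES_KEY = (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess'
             r'\Parameters\FirewallPolicy\FirewallRules')


def parse_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Collect '"name" = value' lines under each '[HKEY_...]' header.
    OTL lists the FirewallRules key twice (open-ports and application
    exceptions), so entries for a repeated key are merged in log order."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
        elif line.startswith('=========='):
            current = None  # a new report section ends the current key
    return sections


def parse_rule(value: str) -> Dict[str, str]:
    """Split 'lport=1900 | protocol=17 | dir=in | app=... | ' into a dict."""
    fields: Dict[str, str] = {}
    for part in value.split('|'):
        part = part.strip()
        if '=' in part:
            key, val = part.split('=', 1)
            fields[key.strip().lower()] = val.strip()
    return fields


def _under(path: str, dirs: List[str]) -> bool:
    """Case-insensitive 'path lies below one of dirs' check."""
    p = path.lower()
    return any(p.startswith(d.lower().rstrip('\\') + '\\') for d in dirs)


def find_app_rules(sections: Dict[str, Dict[str, str]], app_dirs: List[str]) -> List[str]:
    """GUIDs of FirewallRules whose app= path lies below one of app_dirs."""
    rules = sections.get(RULES_KEY, {})
    return [guid for guid, val in rules.items()
            if _under(parse_rule(val).get('app', ''), app_dirs)]


def find_authorized_apps(sections: Dict[str, Dict[str, str]], app_dirs: List[str]) -> List[str]:
    """Authorized-application entries (the entry name is the exe path)."""
    return [name for name in sections.get(AUTH_APPS_KEY, {}) if _under(name, app_dirs)]


def build_reg_stanza(log_text: str, app_dirs: List[str]) -> str:
    """Render the ':reg' part of an OTL fix that deletes ('=-') every
    firewall entry belonging to the given program directories."""
    sections = parse_registry_sections(log_text)
    lines = [':reg']
    auth = find_authorized_apps(sections, app_dirs)
    if auth:
        lines.append(f'[{AUTH_APPS_KEY}]')
        lines += [f'"{name}" =-' for name in auth]
    guids = find_app_rules(sections, app_dirs)
    if guids:
        lines.append(f'[{RULES_KEY}]')
        lines += [f'"{guid}" =-' for guid in guids]
    return '\n'.join(lines)


if __name__ == '__main__':
    # Assumed: the directories of the programs removed in the fix above.
    print(build_reg_stanza(SAMPLE_LOG, [r'c:\program files\bittorrent', r'c:\program files\dna']))
```

Run against the full OTL.txt instead of the excerpt, the script reproduces the helper's `:reg` block for those two directories and can be pointed at any other program directory listed in the fix's `:files` section.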

Alt 23.04.2011, 14:00   #11
Shinichi
 
Hello M-K-D-B,

I could not find the OTL fix file on my desktop, and
Quote:
C:\_OTL\MovedFiles\<time_date>.txt
did not change that either, although I carried out the fix with OTL as specified.
Quote:
C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll
and
Quote:
[Java Skript-Anwendung] Reference Error:bbyln is not defined
are no longer reported when I restart my computer. Firefox also works perfectly again.

About the add-ons:
4.0
Java Console 6.0.15
Microsoft .NET Framework Assistent 1.2.1
RadioBar Toolbar 1.0.0
RealPlayer Browser Record
Veoh Video Compass 1.5.2
Veoh Web Player Video Finder 1.4
Yahoo! Toolbar 2.1.1.20091029021655

OTL log file:
Code:
OTL logfile created on: 23.04.2011 13:43:04 - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 54,38 Gb Free Space | 37,68% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 127,87 Gb Free Space | 42,91% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\DivXsm.exe (DivX Inc.)
PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.23 12:55:30 | 000,000,000 | ---D | M]
 
[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions
[2011.04.23 13:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions
[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net
[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar
[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis
[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.20 22:54:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop -  File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.20 22:59:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.20 22:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.20 22:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.20 22:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.20 22:42:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.04.20 22:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.20 22:39:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.20 22:27:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes
[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.23 13:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.23 12:59:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.23 12:57:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 12:57:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 12:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.23 12:57:16 | 1876,447,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.22 18:45:58 | 000,014,336 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.20 23:33:07 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.20 23:33:07 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.20 23:33:07 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.20 23:33:07 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.20 22:54:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.20 22:37:54 | 004,325,372 | R--- | M] () -- C:\Users\Melissa\Desktop\ComboFix.exe
[2011.04.20 00:26:48 | 000,040,504 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.19 19:33:17 | 000,050,477 | ---- | M] () -- C:\Users\Melissa\Desktop\Defogger.exe
[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.20 22:42:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.20 22:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.20 22:42:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.20 22:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.20 22:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.20 22:35:23 | 004,325,372 | R--- | C] () -- C:\Users\Melissa\Desktop\ComboFix.exe
[2011.04.19 19:33:16 | 000,050,477 | ---- | C] () -- C:\Users\Melissa\Desktop\Defogger.exe
[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.18 21:23:54 | 000,040,504 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini
[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin
[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini
[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat
[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat
[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.01.20 00:02:56 | 000,014,336 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2007.04.11 08:32:30 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Acer GameZone Console
[2011.04.11 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Any Video Converter
[2009.11.13 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Blitware
[2009.01.29 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Canneverbe_Limited
[2011.03.13 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\CD Art Display
[2009.06.30 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\DAEMON Tools Lite
[2009.11.05 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\InterTrust
[2010.09.24 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Leadertech
[2010.05.20 00:30:37 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\lowsec
[2009.04.25 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org
[2009.01.19 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\T-Online
[2009.03.04 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template
[2011.04.06 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\VMLoad
[2010.10.29 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WindSolutions
[2011.04.23 12:56:07 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Sorry that I took so long to reply, and thanks again.

Regards
Shinichi
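Added example, not from the post above and not OTL's or the board's own tooling: a small Python triage pass over the OTL entry format that flags the kinds of lines a reviewer acts on in this thread (the hidden+system folder under AppData\Roaming, the prefs.js search default pointing at a third-party host, the BHO with a placeholder company name). The sample lines are copied from the log above; the regexes, the flagging rules and KNOWN_SEARCH_DOMAINS are assumptions.

```python
"""Triage of OTL log lines.

Added example: parses the bracketed OTL entry format and flags entries of
the kind a log reviewer follows up on. SAMPLE_LINES are copied from the OTL
log in the thread; the rules and KNOWN_SEARCH_DOMAINS are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# [date time | size | attrs | C/M] (company) -- path
# The "(company)" part is optional; the LOP Check section omits it.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)
# FF - prefs.js..<pref>: "<value>"
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.-]+): "?(?P<value>[^"]*)"?\s*$')
# O2 - BHO: (name) - {CLSID} - path (company)
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<path>.+) \((?P<company>[^)]*)\)$"
)
HOST_RE = re.compile(r"^h[tx]{2}ps?://([^/?]+)")  # OTL defangs http:// as hxxp://

SEARCH_PREFS = {"browser.search.defaulturl", "browser.search.selectedEngine"}
KNOWN_SEARCH_DOMAINS = ("google.", "bing.com", "yahoo.", "duckduckgo.com")  # assumption

R_HIDDEN = "hidden+system directory inside the user profile"
R_NOCOMPANY = "executable with no company name in the user profile (verify)"
R_BHO = "BHO loads from the user profile or carries a placeholder company name"


@dataclass
class Finding:
    line: str
    reason: str


def flag_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious OTL line, or None for an unremarkable one."""
    line = line.rstrip()
    m = ENTRY_RE.match(line)
    if m:
        attrs, path = m["attrs"], m["path"]
        company = (m["company"] or "").strip()
        in_profile = "\\Users\\" in path
        # A directory that is both hidden and system inside AppData is the
        # pattern the CFScript in this thread targets (Folder:: ...\lowsec).
        if in_profile and "\\AppData\\" in path and set("HSD") <= set(attrs):
            return Finding(line, R_HIDDEN)
        # Executables without a company string in the profile are worth a look,
        # but legitimate cleanup tools match too, hence "verify".
        if in_profile and not company and path.lower().endswith((".exe", ".dll", ".sys")):
            return Finding(line, R_NOCOMPANY)
        return None
    m = FF_PREF_RE.match(line)
    if m and m["pref"] in SEARCH_PREFS:
        host_m = HOST_RE.match(m["value"])
        host = host_m.group(1).lower() if host_m else m["value"]
        if not any(d in host for d in KNOWN_SEARCH_DOMAINS):
            return Finding(line, f"Firefox search default points to unexpected host: {host}")
        return None
    m = BHO_RE.match(line)
    if m:
        company = m["company"].strip()
        if "\\AppData\\" in m["path"] or not company or company.startswith("TODO"):
            return Finding(line, R_BHO)
    return None


def triage(lines) -> List[Finding]:
    """Run flag_line over every line and keep the findings in input order."""
    return [f for f in (flag_line(l) for l in lines) if f is not None]


# Copied from the OTL log in this thread.
SAMPLE_LINES = [
    r"[2010.05.20 00:30:37 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\lowsec",
    r"[2009.04.25 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org",
    r"[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe",
    r"[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe",
    r'FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"',
    r'FF - prefs.js..browser.startup.homepage: "google.de"',
    r"O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)",
    r"O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```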

Alt 23.04.2011, 18:39   #12
M-K-D-B
/// TB Trainer
 

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll



Hello Shinichi,


I'm glad that two error messages have already disappeared.

Quote:
Sorry that I took so long to reply...
That's fine.

Quote:
...and thanks again.
You're welcome. But we're not quite done yet.




Step # 1: Run CFScript with ComboFix
Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:
Folder::
C:\Users\Melissa\AppData\Roaming\lowsec

FireFox::
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\
FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.





Step # 2: Control scan with Malwarebytes' Anti-Malware (MBAM)
  • Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".




Step # 3: Uninstall/reinstall Java
  • Close all web browsers.
  • Follow the path: Start -> Control Panel -> Uninstall a program
  • Please uninstall Java(TM) 6 Update 15
  • Then download Java(TM) 6 Update 25 from here to your desktop.
  • Then install the new version with right-click -> Run as administrator




Step # 4: Important updates
  • Please uninstall your current version of Adobe Reader:
    Start --> Control Panel --> Uninstall a program --> Adobe Reader
    and download the new version from here.
  • Uncheck the box for the McAfee SecurityScan.
  • As an alternative, I would recommend the leaner Foxit Reader




Step # 5: ESET Online Scanner
Please switch on any external hard drives during the online scan! Please disable all background guards (anti-virus program, firewall, script blocking and similar) during the scans and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Check the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Check "Scan archives".
  • Make sure Remove found threats is not checked.
  • Press.
  • The signatures will be downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.




Step # 6: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry select Use SafeList and click the Scan button.
  • Post OTL.txt and Extras.txt here in your thread.




Step # 7: Running a security check
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
  • Please post its contents here.




Step # 8: Your feedback
For further analysis I need, together with your next reply,
  • the ComboFix log file,
  • the MBAM log file,
  • the ESET Online Scanner log file,
  • the two new OTL log files (OTL.txt and Extras.txt) and
  • the SecurityCheck log file.
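The FireFox:: section of the CFScript above resets a search pref that had been pointed at search.conduit.com, and the ComboFix log posted in the next reply also shows user.js lines switching Firefox's mixed-content and insecure-submit warnings off. As an added example (not part of this thread and not code from ComboFix, OTL or any other tool used here), the following Python script reads a prefs.js or user.js, flags search and homepage prefs whose host falls outside an allow list, and reports security warnings that have been forced off. The allow list, the watched pref names and the sample prefs file are assumptions constructed for this example; only the first two sample entries mirror values seen in the thread.

```python
import json
import re
from urllib.parse import urlparse

# One prefs.js / user.js entry looks like:  user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Prefs that decide where searches and the start page go (assumed watch list).
SEARCH_PREF_PREFIXES = ("browser.search.", "browser.startup.homepage", "keyword.URL")

# Hosts (including their subdomains) accepted as search/homepage targets.
# Assumption for this example: any other host is reported for review.
ALLOWED_HOSTS = {"google.de", "google.com", "yahoo.com", "bing.com", "mozilla.org"}

# Warnings that should stay on; a user.js forcing them to false deserves a look.
WARNING_PREFS = ("security.warn_submit_insecure", "security.warn_viewing_mixed")

# Constructed sample; the first two entries mirror values seen in this thread.
SAMPLE_PREFS = """\
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "google.de");
user_pref("browser.search.defaultenginename", "Google");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_viewing_mixed", false);
"""


def parse_prefs(text):
    """Return {name: value}; values decode as JSON (string, number, true/false)
    and fall back to the raw text when they do not."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        try:
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw
    return prefs


def host_of(value):
    """Host part of a URL-like value; a bare 'google.de' is treated as a host."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def is_allowed(host, allowed=ALLOWED_HOSTS):
    return any(host == a or host.endswith("." + a) for a in allowed)


def suspicious_search_prefs(prefs, allowed=ALLOWED_HOSTS):
    """(pref name, host) for search/homepage prefs pointing outside the allow list."""
    hits = []
    for name, value in prefs.items():
        if not name.startswith(SEARCH_PREF_PREFIXES):
            continue
        # Only URL-like values carry a destination; plain engine names are skipped.
        if not isinstance(value, str) or ("://" not in value and "." not in value):
            continue
        host = host_of(value)
        if host and not is_allowed(host, allowed):
            hits.append((name, host))
    return hits


def disabled_warnings(prefs):
    """Names of security warnings that have been explicitly switched off."""
    return [name for name in WARNING_PREFS if prefs.get(name) is False]


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for name, host in suspicious_search_prefs(prefs):
        print(f"search/homepage pref outside allow list: {name} -> {host}")
    for name in disabled_warnings(prefs):
        print(f"security warning disabled: {name}")
```

To run it against a real profile, pass the contents of prefs.js (and user.js, if present) from the profile folder to parse_prefs instead of SAMPLE_PREFS; a hit only means the value points somewhere outside the allow list and should be looked at, not that it is malicious.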

Alt 26.04.2011, 22:24   #13
Shinichi
 



Oh, another late reply from me, grrr...

Hello M-K-D-B,

Combofix log file:
Code:
ComboFix 11-04-23.02 - Melissa 24.04.2011  17:43:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1791.1077 [GMT 2:00]
ausgeführt von:: c:\users\Melissa\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Melissa\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Melissa\AppData\Roaming\lowsec
c:\users\Melissa\AppData\Roaming\lowsec\local.ds
c:\users\Melissa\AppData\Roaming\lowsec\user.ds
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-24 bis 2011-04-24  ))))))))))))))))))))))))))))))
.
.
2011-04-24 15:53 . 2011-04-24 15:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-22 09:05 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CE1489B-8C67-4389-9C4E-174291BB3AA8}\mpengine.dll
2011-04-20 20:27 . 2011-04-20 20:27	--------	d-----w-	C:\_OTL
2011-04-19 16:49 . 2011-04-19 16:49	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2011-04-17 19:55 . 2011-04-17 19:55	--------	d-----w-	c:\program files\ERUNT
2011-04-15 13:11 . 2011-04-15 13:11	--------	d-----w-	c:\users\Melissa\AppData\Roaming\Malwarebytes
2011-04-15 13:11 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-15 13:11 . 2011-04-15 13:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-15 13:11 . 2011-04-15 13:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-15 13:11 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-14 00:05 . 2011-02-02 16:11	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-13 10:51 . 2011-04-13 10:51	--------	d-----w-	c:\program files\Defraggler
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-23 12:14	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 12:14	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 12:14	797696	----a-w-	c:\windows\system32\FntCache.dll
2010-09-09 23:35 . 2009-11-02 17:57	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 149280]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-1-20 110647]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-11 535336]
Wireless Configuration Utility HW.32.lnk - c:\windows\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2009-11-5 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2008-01-09 16:43	326176	----a-w-	c:\acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-02 04:00	203928	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	d:\daemon tools lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]
2009-04-29 14:11	268800	------w-	c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\ic_start.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-06 19:43	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-01-26 17:46	2633976	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-10-01 162304]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~1\SECRET~1\\SECRET~1.EXE
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar
FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-24 17:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2682020467-2822555498-3201927298-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}*]
"hapjlkfbdnghfncc"=hex:6b,61,62,67,67,61,6c,69,63,64,6c,6c,65,6b,69,70,6a,6b,
   6f,63,67,6b,00,00
.
Zeit der Fertigstellung: 2011-04-24  17:57:37
ComboFix-quarantined-files.txt  2011-04-24 15:57
.
Vor Suchlauf: 18 Verzeichnis(se), 56.358.625.280 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 56.336.216.064 Bytes frei
.
- - End Of File - - 7EFDB1B9A9A9D47E13EF8FFF143BD1BF
         


Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.04.2011 19:48:21
mbam-log-2011-04-24 (19-48-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166636
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b3f05047dbdcca44a8cbdd5842a6f8ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-26 08:24:04
# local_time=2011-04-26 10:24:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 284801 76499151 0 0
# compatibility_mode=5892 16776573 100 100 38461 141373764 0 0
# compatibility_mode=8192 67108863 100 0 234 234 0 0
# scanned=246801
# found=4
# cleaned=0
# scan_time=8408
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Melissa\Downloads\Neuer Ordner\HSS-1.37-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I
G:\Spiele\simcity\4dhotel\3D Sexvilla 2.058.002\3d_Sexvilla_2.058.002.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
OTL log file:
Code:
OTL logfile created on: 26.04.2011 23:04:32 - Run 5
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 52,69 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
Drive G: | 298,01 Gb Total Space | 127,87 Gb Free Space | 42,91% Space Free | Partition Type: FAT32
Drive H: | 148,79 Gb Total Space | 55,93 Gb Free Space | 37,59% Space Free | Partition Type: FAT32
Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32
 
Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)
PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.25 20:38:51 | 000,000,000 | ---D | M]
 
[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions
[2011.04.26 20:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions
[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net
[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar
[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com
[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis
[2011.04.26 09:20:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\toolbar@ask.com
[2011.04.25 20:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2011.04.25 20:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.04.25 20:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2011.04.25 20:36:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.24 17:53:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop -  File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.26 20:00:02 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.04.26 19:58:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Melissa\Desktop\esetsmartinstaller_enu.exe
[2011.04.25 20:42:30 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Foxit Software
[2011.04.25 20:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011.04.25 20:40:46 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.04.25 20:40:36 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.04.25 20:38:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.25 20:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.04.25 20:36:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.04.25 20:36:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.25 20:36:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.25 20:36:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.25 20:36:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.24 17:57:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.24 17:40:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.04.24 17:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.20 22:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.20 22:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.20 22:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.20 22:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.20 22:27:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.16 11:30:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 11:30:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.16 11:30:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.16 11:30:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.16 11:30:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.16 11:30:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.16 11:30:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 11:30:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.16 11:30:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:30:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.16 11:30:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.16 11:30:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.16 11:30:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:30:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.16 11:30:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 11:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.16 11:30:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.16 11:30:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.16 11:30:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.16 11:30:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.16 11:30:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 11:29:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 11:29:59 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:29:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:29:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.16 11:29:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.16 11:29:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.16 11:29:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.16 11:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.16 11:29:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.16 11:29:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.16 11:29:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.16 11:29:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 11:29:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.16 11:29:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:29:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.16 11:29:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 11:29:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.16 11:29:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes
[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.14 09:01:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 09:01:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 09:01:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 09:01:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 09:01:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 09:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 02:05:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 22:14:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.26 21:17:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 21:17:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 19:58:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Melissa\Desktop\esetsmartinstaller_enu.exe
[2011.04.26 19:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 09:45:11 | 000,028,672 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.26 09:17:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 09:17:24 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.25 20:40:59 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.04.25 20:36:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.25 20:36:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.25 20:36:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.25 20:36:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.24 17:53:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.24 16:24:30 | 004,328,459 | R--- | M] () -- C:\Users\Melissa\Desktop\ComboFix.exe
[2011.04.20 23:33:07 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.20 23:33:07 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.20 23:33:07 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.20 23:33:07 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.20 00:26:48 | 000,040,504 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.19 19:33:17 | 000,050,477 | ---- | M] () -- C:\Users\Melissa\Desktop\Defogger.exe
[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe
[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe
[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.16 11:30:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.16 11:30:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.16 11:30:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.16 11:30:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.16 11:30:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.16 11:30:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.16 11:30:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.16 11:30:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.16 11:30:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.16 11:30:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.16 11:30:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.16 11:30:00 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.16 11:30:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.16 11:30:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.16 11:30:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.16 11:30:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.16 11:30:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.16 11:30:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.16 11:30:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.16 11:30:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.16 11:30:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.16 11:29:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.16 11:29:59 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.16 11:29:59 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.16 11:29:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.16 11:29:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.16 11:29:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.16 11:29:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.16 11:29:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.16 11:29:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.16 11:29:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.16 11:29:58 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.16 11:29:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.16 11:29:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.16 11:29:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.16 11:29:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.16 11:29:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.16 11:29:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.16 11:29:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.25 20:40:59 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.04.24 16:24:14 | 004,328,459 | R--- | C] () -- C:\Users\Melissa\Desktop\ComboFix.exe
[2011.04.20 22:42:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.20 22:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.20 22:42:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.20 22:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.20 22:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.19 19:33:16 | 000,050,477 | ---- | C] () -- C:\Users\Melissa\Desktop\Defogger.exe
[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.04.18 21:23:54 | 000,040,504 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt
[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk
[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk
[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe
[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe
[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini
[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin
[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini
[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat
[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat
[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.01.20 00:02:56 | 000,028,672 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat
[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini
[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >
         
--- --- ---


Quote:
Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.0.32.18
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Empowering Technology eSettings Service capuserv.exe
T-Online WLAN-Access Finder ToWLaAcF.exe
T-Online T-Online_Software_6 Basis-Software Basis2\kernel.exe
T-Online T-Online_Software_6 Basis-Software Basis2\sc_watch.exe
T-Online T-ONLI~1 BASIS-~1 Basis2\PROFIL~1.EXE
T-Online T-ONLI~1 Notifier Notifier.exe
``````````End of Log````````````
Regards,
Shinichi

Old 27.04.2011, 08:56   #14
M-K-D-B
/// TB Trainer
 
C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll - Standard

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll



Hello Shinichi,


Before we wrap up, I have the following requests for you:



Step # 1: Uninstalling programs
When installing Foxit Reader you apparently installed the Ask Toolbar along with it. It serves no useful purpose. I therefore ask you to uninstall this toolbar again.
As a rule, always pay attention to which additional "tools" you select during an installation setup.
  • Follow this path: Start -> Control Panel -> Uninstall a program
  • Look in the list for software with the following name
    • Ask Toolbar
    and uninstall the program.
  • If you are prompted to restart at the end of the uninstallation, do so.




Step # 2: Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content below into the text box.
Code:
:OTL
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011.04.25 20:40:46 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com

:files
C:\Program Files\Windows Live\Messenger\msimg32.dll
C:\Program Files\Windows Live\Messenger\riched20.dll

:Commands
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread




Step # 3: Answering questions
Please answer the following questions for me:
  • I ask you to check the following file:
    Quote:
    C:\Users\Melissa\Downloads\Neuer Ordner\HSS-1.37-install-anchorfree-76-conduit.exe
    What exactly is this? Do you still need this installation package? I recommend that you delete it.
  • What is this?
    Quote:
    G:\Spiele\simcity\4dhotel\3D Sexvilla 2.058.002\3d_Sexvilla_2.058.002.exe
    According to ESET, this file contains several threats. I recommend that you delete it.
  • Ultimately you decide what you do with these two files. I do, however, consider them questionable.
  • How is your computer running at the moment? Are there still problems, or is everything running as it should?




Step # 4: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry, select Use Safe List and click the Scan button.
  • Post OTL.txt and Extras.txt here in your thread.




Step # 5: Your feedback
For further analysis I need, together with your next reply,
  • the log file of the OTL fix,
  • the answers to the questions asked, and
  • the two new log files from OTL (OTL.txt and Extras.txt).
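As an added example (not OTL's code and not anything posted in this thread), here is a small Python parser for the two OTL line formats that appear above: the file entries from the scan log and the O2/O3 browser add-on lines from the fix script. It then applies the same triage a log reviewer does by eye: modules sitting in a Temp folder, registered browser add-ons, and add-on entries whose module no longer exists on disk. The Temp-folder sample line (its size and timestamp) and the `exists` callback are constructed assumptions so the script runs offline.

```python
# Added example, not part of OTL or of this thread: parse the two OTL line
# formats quoted above (file entries and O2/O3 browser add-on entries) and
# apply the same triage a helper does by eye. The Temp-folder sample line and
# the `exists` callback are constructed assumptions for a stand-alone run.
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Optional, Union

# [2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
# Directory entries omit the "()" vendor field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)
# O2 - BHO: (Name) - {CLSID} - C:\path\module.dll (Vendor)
# O3 - HKLM\..\Toolbar: (Name) - {CLSID} - C:\path\module.dll (Vendor)
ADDON_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<where>[^:]+): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?) \((?P<vendor>[^)]*)\)$"
)


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str          # e.g. "---D" for a directory, "RH--" read-only + hidden
    created: bool       # OTL "C" = creation date, "M" = modification date
    path: str


@dataclass
class AddonEntry:
    code: str           # "O2" = browser helper object, "O3" = IE toolbar
    name: str
    clsid: str
    path: str
    vendor: str


Entry = Union[FileEntry, AddonEntry]


def parse_line(line: str) -> Optional[Entry]:
    """Return a typed entry for a recognised OTL line, else None."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return FileEntry(
            timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            created=(m["kind"] == "C"),
            path=m["path"],
        )
    m = ADDON_RE.match(line)
    if m:
        return AddonEntry(m["code"], m["name"], m["clsid"], m["path"], m["vendor"])
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def in_temp_location(path: str) -> bool:
    """Modules that load at startup from a Temp folder deserve a closer look."""
    return "\\temp\\" in path.lower()


def triage(text: str, exists: Callable[[str], bool]) -> Dict[str, List[str]]:
    """Group findings the way a log reviewer would.

    `exists` is injected so a log from another machine can be reviewed offline;
    on the affected machine itself pass os.path.exists. A leftover startup or
    add-on entry pointing at a module that has since been deleted is the usual
    cause of a "specified module could not be found" dialog at logon.
    """
    entries = parse_log(text)
    return {
        "temp_files": [e.path for e in entries
                       if isinstance(e, FileEntry) and in_temp_location(e.path)],
        "browser_addons": [e.clsid for e in entries if isinstance(e, AddonEntry)],
        "dangling": [e.path for e in entries
                     if isinstance(e, AddonEntry) and not exists(e.path)],
    }


# Three lines taken from this thread plus one constructed Temp-folder entry
# (the size and timestamp of that last line are made up for the example).
SAMPLE_LOG = r"""
[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.04.25 20:40:46 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
[2011.04.20 09:12:00 | 000,024,576 | ---- | C] () -- C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll
"""

if __name__ == "__main__":
    # Pretend nothing can be found on disk (offline review of someone else's log).
    for key, items in triage(SAMPLE_LOG, exists=lambda p: False).items():
        print(key, items)
```

Run on the affected machine with `exists=os.path.exists`, the `dangling` list shows which registered add-ons already point into the void and can be removed from the registry without losing anything; run offline against a pasted log, it still separates Temp-folder modules and add-on CLSIDs from the bulk of ordinary system files.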

Old 01.05.2011, 20:41   #15
M-K-D-B
/// TB Trainer
 
C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll - Standard

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll



No response
This thread has been removed from my subscriptions, so I will no longer be notified of new replies.
PM me if you nevertheless want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!





