| |
| |||||||
Log-Analyse und Auswertung: Windows Recovery MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.04.2011, 19:15
| #1 |
 |  Windows Recovery Malware Hallo, da mich der Windows Recovery Trojaner nun auch getroffen hat, habe ich mich hier angemeldet. Habe bereits ein Malwarebytes Scan durchlaufen lassen, dadurch wurden alle Infizierten Objekte Entfernt und der PC läuft auch wieder sehr gut. Um ganz sicher zu gehen das der PC nun auch wirklich sauber ist, sende ich hier mal die Logfiles. Malwarebytes Logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6439 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 25.04.2011 11:01:10 mbam-log-2011-04-25 (11-01-10).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158260 Laufzeit: 8 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efHhjWihQgMsG (Trojan.FakeAlert) -> Value: efHhjWihQgMsG -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\7\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully. Infizierte Dateien: c:\programdata\efhhjwihqgmsg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\7\AppData\Local\Temp\tmpE2D0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\7\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\7\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\7\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. Und hier noch einer von heute: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6439 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 26.04.2011 19:06:33 mbam-log-2011-04-26 (19-06-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 319761 Laufzeit: 1 Stunde(n), 18 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\7\downloads\76735\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. Hoffe das ist so richtig! Gruß Geändert von Spirit_1 (26.04.2011 um 19:24 Uhr) |
|
27.04.2011, 20:16
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Recovery Malware Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
27.04.2011, 20:37
| #3 |
| | Windows Recovery Malware Hi,
__________________hab noch 2 Logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6450 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 26.04.2011 21:59:05 mbam-log-2011-04-26 (21-59-05).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158721 Laufzeit: 9 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) -------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6458 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 27.04.2011 19:21:01 mbam-log-2011-04-27 (19-21-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158518 Laufzeit: 7 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Das sind alle. Gruß |
|
28.04.2011, 09:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.04.2011, 17:01
| #5 |
| | Windows Recovery Malware Hier die OTL Logs: Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2011 17:42:09 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\7\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 64,92 Gb Free Space | 44,99% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 92,51 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
Computer Name: KIMI | User Name: 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{89B4EF01-905C-48CC-8872-7CD20EB210A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B09B40B8-2806-4B86-BC13-27DA58073611}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00881F97-EAEE-41C6-9362-AA52A41144A8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{033BC8E4-C354-4D55-ADE3-F39FC15B3F74}" = protocol=6 | dir=in | app=d:\pc spiele\kane&lynch\kaneandlynch.exe |
"{04C0D378-871B-4F17-AFDF-EB2B1D7B6ABD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{07912DAC-1A6D-40DD-9703-0AB05261B04A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{093992C2-433C-4715-AC56-2B01AE65B7C4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{0CDBB453-DBD9-44AC-B67F-DBC1BF9514D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0EC49438-8F0A-4040-8AAA-ED4BC61678DF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{10667D16-2BA4-49AC-BC62-45D0DCFA505C}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{1676170B-0AB5-4149-A13D-DD55CABACF7A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{20369679-E082-4B56-9FC4-7570BD426636}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2143CB3F-8F35-4251-8B36-FD1FE952FC09}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{2200A927-CF83-417B-A2C3-3CB547DAA989}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{2C6A8D8C-2D13-4677-A1FB-E3A555C89A2D}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe |
"{2FFFD39F-7C72-41DD-8937-ADB64058E0B6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{37BD2B39-8B58-4E95-B74E-FF2BA84BCDDA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1196336032\ee\aolsoftware.exe |
"{38CB3C76-78F5-40E6-8341-875F147C80B0}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{39443E23-F5FD-47F8-B5DA-67E9C37F124F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{39E3C019-5F90-48F7-A011-B8025F271307}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1196697833\ee\aolsoftware.exe |
"{43508F5C-14B2-4717-B8E9-812ED9EF3C80}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{460BE376-DCC1-4871-A1DE-A9A3B96194BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{47D1AC52-BCFD-4F4A-BDD8-3996797F89C4}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{48F9ADA6-A0AE-4C0F-B6A4-06241AF57930}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{50386EB2-5E44-44B7-8845-DBF78F691BEE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{57228C1A-A6AA-4B06-9883-AB1E0AC011FC}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{5A801C4C-1F29-45EC-97AD-337D691AB30B}" = protocol=6 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{5AC42AA5-6D84-4E8C-9821-34D39894D5A4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{5DC1544A-8A3C-414A-91F8-81558962B707}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{636E765D-F601-4434-95E3-EA7F449E6912}" = protocol=6 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{63E6DDD5-DF24-4277-B22E-EF744A6516A8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{65D26928-DBB0-4E15-BCC6-E007F284B925}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{69B34F51-06B3-416B-8219-A4A10B5C4805}" = protocol=17 | dir=in | app=d:\pc spiele\gears of war\binaries\wargame-g4wlive.exe |
"{6AE190C0-5FC9-4D94-AB08-A41EFB502696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B390095-D23A-42C8-A42D-7D58CE2F9D53}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{6B8A43A4-2C83-4125-89BA-13ADE7341EC2}" = protocol=17 | dir=in | app=d:\pc spiele\fear\fear.exe |
"{6C59307C-9890-492E-8569-A4FCC4F3C202}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{6D39FA59-0F18-404B-BF67-6932BA53B884}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{6E8E2A86-5796-4529-A666-0CEA2C4CEDB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{716E9D8B-1810-431A-9B8E-B3661080BCA0}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{72FEEEAD-578B-46CE-8A9A-FEB86D175EFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{739CFEB8-9D58-4C4C-AB81-3682ACEAE42D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{753F0EA5-B71C-45BF-AD80-57EEA5472313}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{7B2ADEC2-7FC6-421B-8A2C-AC9D38A5CCE6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{8042BB3C-8AC9-4A71-86DD-70E0D936FDE8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{85EF2E3C-CBCE-4655-B0FC-F29C1896D550}" = protocol=17 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{88B4323A-EF28-45CD-A4CB-651A2552C875}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{8B61664C-D979-4CF3-BBC2-203E2637756C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{8FC66E8E-A274-4EC9-A4A0-04AF95BD1BB4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9A53DCAE-15B1-4150-8A4F-EE672109158A}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9C87FDF3-5A6E-4164-B5E0-63B9A95E7004}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{9D88428B-69BF-42C8-8D79-9B05033BBF7B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A0BB3638-15AB-4369-8E6F-4845858BF637}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{A62DCED7-6A06-4A1F-9E22-5615A7012006}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{A983E2E2-1D7A-4D7A-BE58-049729767CA3}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{AA4C476A-15A8-4906-A87E-E030A932E2DD}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{AB183F35-3D12-433A-83F6-C12C91EBE51A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{ABD8BF7C-C9B7-4C6E-90CE-A0305605B9B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{AC701468-614E-4C65-854D-78065A2F4622}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B0BF9390-7BB5-465F-A2EF-6F3F68294987}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BB4C1A59-3668-4365-8890-CAF393219A91}" = protocol=6 | dir=in | app=d:\pc spiele\gears of war\binaries\wargame-g4wlive.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{BED37DA5-CCC7-4127-9399-7C9540180E26}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C1CAEDF8-58A8-4EB1-A26D-0AF0F53F123F}" = protocol=17 | dir=in | app=d:\pc spiele\kane&lynch\kaneandlynch.exe |
"{C318C7B3-74B0-432F-8D18-56C555CBD326}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{C4A7F102-7ED7-4C5B-8A7A-1F882355E324}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C6256626-0912-4990-98D4-697452CAB04F}" = protocol=17 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{C702B647-3647-4722-ABFE-7002B1C5A698}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C783260A-EA35-441C-936E-8C808C8A99C6}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe |
"{CE6C5139-02AB-420D-89DB-941D13902D42}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{D351B421-BB61-46E0-A4F9-9B71E717A3D1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D39353BA-952A-4798-8D76-40B595920E04}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D3F60A33-9B6A-4598-BE63-A0D44A2594A1}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{D6C1A101-9FDF-4849-A2EC-D3B2B51E8D94}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D7261367-0EB4-4E9E-B03C-A5D7B459F59E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D84CEABD-9BD6-49DD-87B1-503474E37904}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{DF69DF74-ABBB-4F95-9B5C-997D55348E93}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{E874F2E9-0CA2-48DC-ACBC-2C3E76EFAC7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E99353F8-2131-483D-9BCA-C8E33D7FC3D7}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{EAAA9DE9-7DA1-4583-8119-8AFAEC1CE63D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1196697833\ee\aolsoftware.exe |
"{ECA0D9FE-2F62-4C10-B25E-6B61704E9E16}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{EFD48411-205C-4ADD-85D4-B5D73E9AE19B}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{F1566BAF-C5BF-48EE-9E0A-CD71351E5E8C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{F22A275C-3996-4B68-9DDD-C2F26D7DFE9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1196336032\ee\aolsoftware.exe |
"{F6F6DA57-BA61-4367-A504-BD3EC8D1351E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F95C589B-C1D3-4B77-ABE5-7D0ACE38B25C}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{F9E0BBA9-9818-4CF7-9AD2-EC5AED7FEBCA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{FC2FE601-4E44-402C-9888-4C80411F0066}" = protocol=6 | dir=in | app=d:\pc spiele\fear\fear.exe |
"{FD254CEB-12B4-48DF-8913-A99BFC0FFC8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{FDE4CF68-1D98-4DB1-A7AF-E5B105519B83}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{FF58AE98-5FF4-4A9F-833D-377DC5180D4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"TCP Query User{01E31ECE-0085-4B72-B20E-3C12BA46A1D3}D:\pc spiele\fear\fpupdate.exe" = protocol=6 | dir=in | app=d:\pc spiele\fear\fpupdate.exe |
"TCP Query User{090D0BA8-B644-46E8-B74E-35784BCF3068}D:\vga\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\vga\icq6.5\icq.exe |
"TCP Query User{0EAD0715-7848-4603-83D5-DE6CFEEBEE14}D:\pc spiele\bin32\farcry.exe" = protocol=6 | dir=in | app=d:\pc spiele\bin32\farcry.exe |
"TCP Query User{52D450CE-4B9D-4E90-A986-86982EAED7B3}D:\pc spiele\pes 2009\pes2009.exe" = protocol=6 | dir=in | app=d:\pc spiele\pes 2009\pes2009.exe |
"TCP Query User{65097D5C-FFF4-443F-995F-E057B360C2A3}C:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe |
"TCP Query User{6563F20A-CCAE-4AB5-8DD0-7237C40BB7B8}D:\pc spiele\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=d:\pc spiele\far cry\bin32\farcry.exe |
"TCP Query User{66F4EF41-2A1D-4EE7-9D04-98E9BB36BFF3}C:\test drive\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\test drive\testdriveunlimited.exe |
"TCP Query User{6AAA06DC-5610-4300-98F0-2E520A67F83D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{766864EC-B6BC-473A-8ADF-4CF4D7E6815F}F:\kituri\torent\utorrent.exe" = protocol=6 | dir=in | app=f:\kituri\torent\utorrent.exe |
"TCP Query User{A96EACA2-B7DF-4C1E-B5ED-10E1F36A2997}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{AF5126A3-6396-4291-B79B-383482B04A98}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B681F4F1-30D2-49F3-B339-31AEF74E9CB8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C0149211-4F1B-48C9-A1D0-3DA71AA1933D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C0DEF41C-1468-4075-AF47-2F77922CDDB5}D:\pc spiele\moh pacific\mohpa.exe" = protocol=6 | dir=in | app=d:\pc spiele\moh pacific\mohpa.exe |
"TCP Query User{D1FAAEBA-DBDA-4628-98DE-82C66E933EE1}C:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"TCP Query User{FCDA7CF5-EC7A-43AB-AD29-F4DB1D840FCF}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{FD31CD66-4500-4512-9940-494900798374}D:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=d:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe |
"UDP Query User{0702EAAA-0508-42DA-98D5-B7C7B563D43E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{15DD011C-A065-471D-BDDD-5D35A57EBDC2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{2C0B62B4-E381-46A7-A7B4-6FC42593CA0D}D:\pc spiele\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=d:\pc spiele\far cry\bin32\farcry.exe |
"UDP Query User{2C65ABE8-612F-460C-A135-EEE620FF5ABD}D:\pc spiele\pes 2009\pes2009.exe" = protocol=17 | dir=in | app=d:\pc spiele\pes 2009\pes2009.exe |
"UDP Query User{2FD7310F-C0E3-459D-B3C2-53CC93AF577F}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{38E638F3-6B24-4E67-A874-8BAAF264C253}C:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe |
"UDP Query User{47064FD9-B422-4E91-97C5-BD3BB49BA6D1}D:\pc spiele\fear\fpupdate.exe" = protocol=17 | dir=in | app=d:\pc spiele\fear\fpupdate.exe |
"UDP Query User{5F61E3A3-3B58-4970-B30D-76A9B7CDAA47}D:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=d:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe |
"UDP Query User{5FC7B76C-EB10-4538-8F6D-0F6EDE746A3B}C:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"UDP Query User{674093BC-7F76-4158-9613-C3A81B9DAF03}D:\pc spiele\moh pacific\mohpa.exe" = protocol=17 | dir=in | app=d:\pc spiele\moh pacific\mohpa.exe |
"UDP Query User{9A73F0A4-032C-43D6-8071-524596EA7742}D:\pc spiele\bin32\farcry.exe" = protocol=17 | dir=in | app=d:\pc spiele\bin32\farcry.exe |
"UDP Query User{A1D514EA-D8D6-4791-B34E-F19DA4098975}F:\kituri\torent\utorrent.exe" = protocol=17 | dir=in | app=f:\kituri\torent\utorrent.exe |
"UDP Query User{AC741147-98D3-4BF2-BAF9-654521B013FF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BF14F94C-C984-4CCE-A5C1-AF5166303232}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D2C7E5D6-0501-46B1-8A68-B78B1139B176}C:\test drive\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\test drive\testdriveunlimited.exe |
"UDP Query User{E1968F26-2526-4A32-9EE1-A127430AC318}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EBFCE35B-F715-468C-B136-660C6718D8EF}D:\vga\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\vga\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}" = Sony Ericsson PC Suite
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = The Witcher Enhanced Edition - "Nebenwirkungen"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{76D6737F-CF8D-4e9c-B3FE-1C65604804E1}" = FotoUp
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9639A939-076D-4fdc-8F0C-F9D531E0E2A6}" = W3FotoUp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2D7C787-7BFD-47b3-AE85-60146221015D}" = C4380_Help
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Sitecom Wireless Network USB Adapter Turbo G WL-172
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F40C0988-E8B1-479b-80BD-D5FADAB9697A}" = C4380_doccd
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2D96D7FEFC2FEFB9F9D638DA8C3C6ECD3BDF9531" = Windows-Treiberpaket - Atheros Communications Inc. (athrusb) Net (03/26/2008 2.2.0.15)
"3868648A8462AE872BD70533258F5196B59F7823" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187B) Net (09/04/2007 6.1102.0904.2007)
"58A20748E54772454ED3FD879ADF67B0F2F740AD" = Windows-Treiberpaket - Ralink (netr28u) Net (04/21/2008 2.01.06.0000)
"76ED8308D49DD425D85813FD8C2AFC6AA75D1099" = Windows-Treiberpaket - Ralink (rt70x86) Net (10/09/2007 3.01.00.0000)
"7-Zip" = 7-Zip 4.57
"93A6F6D028ABE440673A298C1022FF011EF69A50" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187) Net (01/30/2007 6.1281.0130.2007)
"A4608AD9231CF116CF8816A4DF61FB9E497FBACA" = Windows-Treiberpaket - Ralink Technology, Corp. (netr28) Net (05/19/2008 2.00.06.0000)
"A7FCE32D22855DCF300C7415E453EFBE8549AC46" = Windows-Treiberpaket - Ralink (netr73) Net (02/26/2008 3.01.04.0000)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Premium
"C06E598F706862939966091EF919ACEB82037A3F" = Windows-Treiberpaket - Ralink Technology, Inc. (RT2500) Net (06/01/2006 3.02.00.0000)
"CCleaner" = CCleaner (remove only)
"Clickster161" = Clickster
"D63EA7FA1ED78B2B5396F0C16AD513F162102F14" = Windows-Treiberpaket - Ralink Technology Corp. (rt61x86) Net (09/28/2007 2.01.00.0000)
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v4.60
"facemoods" = facemoods
"Free Fire Screensaver" = Free Fire Screensaver
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"Grand Theft Auto IV Screenshot" = Grand Theft Auto IV Screenshot Screen Saver
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Nano" = Nano 1.1.1
"NAVIGON Fresh" = NAVIGON Fresh 1.4.6
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SeaStorm 3D Screensaver" = SeaStorm 3D Screensaver (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.04.2011 11:03:26 | Computer Name = KIMI | Source = LoadPerf | ID = 3012
Description =
Error - 27.04.2011 11:03:26 | Computer Name = KIMI | Source = LoadPerf | ID = 3011
Description =
Error - 27.04.2011 11:10:47 | Computer Name = KIMI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 15.4.3508.1109, Zeitstempel
0x4cda7240, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00310045, Prozess-ID 0xfd0, Anwendungsstartzeit
01cc04eb461ff6e8.
Error - 27.04.2011 15:22:28 | Computer Name = KIMI | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'GAVID_SRV' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0x5
Error - 27.04.2011 15:22:28 | Computer Name = KIMI | Source = Avira AntiVir | ID = 4122
Description = Die Datei GAVID_SRV konnte nicht geladen werden. Fehlercode: 0x5
Error - 27.04.2011 15:23:02 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 27.04.2011 15:23:02 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.04.2011 11:02:36 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.04.2011 11:02:36 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.04.2011 11:04:14 | Computer Name = KIMI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 15.4.3508.1109, Zeitstempel
0x4cda7240, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xf9c, Anwendungsstartzeit
01cc05b5428dda90.
[ System Events ]
Error - 07.04.2011 16:04:09 | Computer Name = KIMI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.04.2011 um 22:02:28 unerwartet heruntergefahren.
Error - 10.04.2011 04:20:15 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 16.04.2011 14:14:47 | Computer Name = KIMI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.04.2011 um 20:13:11 unerwartet heruntergefahren.
Error - 20.04.2011 15:24:52 | Computer Name = KIMI | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{A276DE79-56F2-4C3D-9808-91BDD051C09A} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 23.04.2011 09:43:39 | Computer Name = KIMI | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 23.04.2011 15:59:17 | Computer Name = KIMI | Source = Service Control Manager | ID = 7009
Description =
Error - 25.04.2011 03:24:40 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 03:32:52 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 04:00:14 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 04:30:14 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
< End of report >
----------------------------------------------------------------------------------- OTL.TxtOTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2011 17:42:08 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\7\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,29 Gb Total Space | 64,92 Gb Free Space | 44,99% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 92,51 Gb Free Space | 64,23% Space Free | Partition Type: NTFS Computer Name: KIMI | User Name: 7 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\7\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe () PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\7\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (gmer) -- C:\Windows\System32\drivers\gmer.sys (GMER) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.) DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.) DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI) DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI) DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://de.search.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://de.search.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://de.search.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/7/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_498ebeee.pac" FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.28 13:50:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.25 16:34:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.25 16:34:39 | 000,000,000 | ---D | M] [2008.12.01 18:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Extensions [2011.04.26 17:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions [2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.25 21:38:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.26 17:14:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.25 10:19:08 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com [2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de [2011.04.23 19:32:20 | 000,001,056 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml [2010.01.25 20:07:02 | 000,003,915 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml [2011.04.25 16:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.27 20:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 10:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.25 18:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 10:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.18 22:53:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2010.04.11 19:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.27 20:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 10:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.25 18:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 10:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.18 22:53:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml [2010.11.22 20:43:34 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM () O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\7\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\7\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.28 17:12:16 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.28 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E} [2011.04.27 21:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest [2011.04.27 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E} [2011.04.26 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35} [2011.04.26 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A} [2011.04.25 10:48:06 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Malwarebytes [2011.04.25 10:47:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.25 10:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 10:47:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.25 10:47:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.25 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8} [2011.04.24 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6} [2011.04.23 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60} [2011.04.23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3} [2011.04.23 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3} [2011.04.22 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48} [2011.04.21 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E} [2011.04.20 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881} [2011.04.19 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784} [2011.04.19 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262} [2011.04.18 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249} [2011.04.17 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D} [2011.04.16 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE} [2011.04.15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591} [2011.04.14 17:16:46 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D} [2011.04.13 21:30:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 21:30:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 21:29:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 21:29:58 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 21:29:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 21:29:52 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB} [2011.04.12 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5} [2011.04.11 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667} [2011.04.11 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5} [2011.04.10 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C} [2011.04.09 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA} [2011.04.07 21:48:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.07 21:48:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.07 21:48:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.07 21:48:19 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.07 21:48:19 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.07 21:48:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.07 21:48:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.07 21:48:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.07 21:48:18 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.07 21:48:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.07 21:48:18 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.07 21:48:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.07 21:48:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.07 21:48:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.07 21:48:17 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.07 21:48:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.07 21:48:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.07 21:48:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.07 21:48:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.07 21:48:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.07 21:48:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.07 21:48:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.07 21:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.07 21:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.07 21:48:16 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.07 21:48:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.07 21:48:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.07 21:48:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.07 21:48:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.07 21:48:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.07 21:48:15 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.07 21:48:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.07 21:48:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.07 21:48:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.07 21:48:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.07 21:48:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.07 21:48:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.07 21:48:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.07 21:48:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.07 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B} [2011.04.07 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588} [2011.04.06 17:57:32 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B} [2011.04.05 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD} [2011.04.04 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230} [2011.04.03 09:04:25 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055} [2011.04.02 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC} [2011.04.01 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B} [2011.03.31 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C} [2011.03.30 17:11:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498} [2009.11.30 19:35:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7119.dll [2007.10.29 16:40:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 17:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.28 17:04:31 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.28 17:01:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 17:01:55 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:01:55 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:01:51 | 000,036,533 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.04.28 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 17:03:30 | 020,142,370 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.27 17:03:30 | 006,595,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.27 17:03:30 | 006,461,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.27 17:03:30 | 005,836,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.26 19:43:49 | 000,000,784 | ---- | M] () -- C:\Users\7\Desktop\OTL - Verknüpfung.lnk [2011.04.25 16:58:41 | 000,000,554 | ---- | M] () -- C:\Users\7\Desktop\unhide - Verknüpfung.lnk [2011.04.25 16:34:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.25 10:47:35 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 09:29:21 | 000,000,392 | ---- | M] () -- C:\ProgramData\34594568 [2011.04.25 09:27:06 | 000,000,120 | ---- | M] () -- C:\ProgramData\~34594568 [2011.04.25 09:27:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34594568r [2011.04.25 09:19:29 | 000,036,533 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.24 16:57:05 | 000,008,592 | ---- | M] () -- C:\Users\7\AppData\Local\d3d9caps.dat [2011.04.16 20:14:41 | 185,343,855 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.14 17:13:27 | 000,324,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.07 21:48:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.04.07 21:48:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.04.07 21:48:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.07 21:48:20 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.07 21:48:19 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.07 21:48:19 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.07 21:48:19 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.07 21:48:19 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.07 21:48:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.07 21:48:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.07 21:48:18 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.07 21:48:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.07 21:48:18 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.07 21:48:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.07 21:48:17 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.07 21:48:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.07 21:48:17 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.07 21:48:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.07 21:48:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.07 21:48:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.07 21:48:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.07 21:48:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.07 21:48:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.07 21:48:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.07 21:48:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.07 21:48:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.07 21:48:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.07 21:48:16 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.07 21:48:16 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.07 21:48:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.07 21:48:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.07 21:48:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.07 21:48:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.07 21:48:15 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.07 21:48:15 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.07 21:48:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.07 21:48:15 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.07 21:48:15 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.07 21:48:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.07 21:48:15 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.07 21:48:15 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.07 21:48:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.26 19:43:49 | 000,000,784 | ---- | C] () -- C:\Users\7\Desktop\OTL - Verknüpfung.lnk [2011.04.25 16:58:41 | 000,000,554 | ---- | C] () -- C:\Users\7\Desktop\unhide - Verknüpfung.lnk [2011.04.25 16:34:44 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.25 16:34:44 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.25 10:47:35 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 09:27:05 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34594568r [2011.04.25 09:27:05 | 000,000,120 | ---- | C] () -- C:\ProgramData\~34594568 [2011.04.25 09:26:42 | 000,000,392 | ---- | C] () -- C:\ProgramData\34594568 [2011.04.07 21:48:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.28 13:49:41 | 000,023,657 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.07.15 15:56:34 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini [2009.12.29 21:23:32 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll [2009.12.03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.26 18:03:16 | 000,036,533 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.26 18:01:11 | 000,036,533 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.26 15:40:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.26 15:40:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.10 20:15:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.01.12 19:14:17 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.16 22:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2008.12.16 22:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll [2008.10.08 10:57:49 | 000,000,464 | ---- | C] () -- C:\Users\7\AppData\Roaming\Patch-Master.exe.ini [2008.10.08 10:57:49 | 000,000,000 | ---- | C] () -- C:\Users\7\AppData\Roaming\Patch-Master.exe.dat [2008.08.14 13:15:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.03 11:49:41 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2008.07.03 11:49:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2008.05.20 07:57:30 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll [2008.02.27 11:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631 [2008.02.15 17:07:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.07 21:50:15 | 000,585,791 | ---- | C] () -- C:\Windows\gmer.dll [2008.02.07 21:50:15 | 000,581,632 | ---- | C] () -- C:\Windows\gmer.exe [2008.02.07 21:50:15 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini [2008.01.08 17:28:47 | 000,048,640 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2008.01.02 19:25:41 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.01.02 19:25:39 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.12.20 14:50:52 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe [2007.12.20 14:50:52 | 000,000,789 | ---- | C] () -- C:\Windows\unins000.dat [2007.12.14 12:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2007.12.14 10:37:32 | 000,008,592 | ---- | C] () -- C:\Users\7\AppData\Local\d3d9caps.dat [2007.12.13 21:56:50 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.12.08 20:53:41 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini [2007.12.06 14:28:21 | 000,035,840 | ---- | C] () -- C:\Users\7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.05 19:58:32 | 000,000,089 | ---- | C] () -- C:\Users\7\AppData\Local\fusioncache.dat [2007.11.29 15:15:33 | 000,166,995 | ---- | C] () -- C:\Windows\hpoins21.dat [2007.11.29 15:15:33 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat [2007.11.28 13:13:38 | 000,000,819 | ---- | C] () -- C:\Windows\aolback.exe.lnk [2007.11.28 13:11:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007.11.23 10:57:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.11.23 10:57:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.11.20 21:44:18 | 000,001,650 | ---- | C] () -- C:\Users\7\AppData\Roaming\wklnhst.dat [2007.11.19 23:08:06 | 000,000,022 | ---- | C] () -- C:\Windows\msoffice.ini [2007.10.29 16:42:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2007.10.29 16:42:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2007.10.29 16:40:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.07.26 21:28:01 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini [2007.07.26 19:31:59 | 000,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 17:33:31 | 020,142,370 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 006,461,834 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,324,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 006,595,066 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 005,836,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll [2005.01.25 16:15:42 | 000,010,240 | R--- | C] () -- C:\Windows\System32\PA207USD.DLL [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Bioshock [2007.11.21 10:37:03 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\eSobi [2009.02.09 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\GlarySoft [2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\gtk-2.0 [2010.11.17 22:04:40 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Guitar Pro 6 [2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Gutscheinmieze [2011.02.04 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\ICQ [2008.08.19 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Leadertech [2010.05.11 08:39:28 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Lexware [2011.04.25 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\ProtectDisc [2011.04.25 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Stellarium [2007.12.05 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\T-Online [2008.06.01 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Teleca [2007.11.20 21:44:32 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Template [2009.11.22 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Tobit [2009.02.08 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Tunebite [2007.12.08 21:02:52 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Ulead Systems [2008.12.15 16:14:20 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\uTorrent [2008.12.01 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Windows-Optimierer [2008.04.09 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Xilisoft Corporation [2011.04.27 22:12:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Gruß |
|
28.04.2011, 18:55
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.04.25 09:27:05 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34594568r
[2011.04.25 09:27:05 | 000,000,120 | ---- | C] () -- C:\ProgramData\~34594568
[2011.04.25 09:26:42 | 000,000,392 | ---- | C] () -- C:\ProgramData\34594568
[2011.04.07 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B}
[2011.04.07 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588}
[2011.04.06 17:57:32 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B}
[2011.04.05 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD}
[2011.04.04 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230}
[2011.04.03 09:04:25 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055}
[2011.04.02 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC}
[2011.04.01 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B}
[2011.03.31 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C}
[2011.03.30 17:11:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498}
[2011.04.28 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E}
[2011.04.27 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E}
[2011.04.26 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35}
[2011.04.26 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A}
[2011.04.25 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8}
[2011.04.24 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6}
[2011.04.23 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60}
[2011.04.23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3}
[2011.04.23 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3}
[2011.04.22 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48}
[2011.04.21 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E}
[2011.04.20 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881}
[2011.04.19 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784}
[2011.04.19 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262}
[2011.04.18 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249}
[2011.04.17 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D}
[2011.04.16 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE}
[2011.04.15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591}
[2011.04.14 17:16:46 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D}
[2011.04.13 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB}
[2011.04.12 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5}
[2011.04.11 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667}
[2011.04.11 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5}
[2011.04.10 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C}
[2011.04.09 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA}
O32 - HKLM CDRom: AutoRun - 1
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
[2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 21:38:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.26 17:14:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 10:19:08 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com
[2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011.04.23 19:32:20 | 000,001,056 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml
[2010.01.25 20:07:02 | 000,003,915 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.de/"
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Windows Recovery Malware |
|
28.04.2011, 20:55
| #7 |
| | Windows Recovery Malware Hier der OTL Fix Log: All processes killed ========== OTL ========== File C:\ProgramData\~34594568r not found. File C:\ProgramData\~34594568 not found. File C:\ProgramData\34594568 not found. Folder C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B}\ not found. Folder C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588}\ not found. Folder C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B}\ not found. Folder C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD}\ not found. Folder C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230}\ not found. Folder C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055}\ not found. Folder C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC}\ not found. Folder C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B}\ not found. Folder C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C}\ not found. Folder C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498}\ not found. Folder C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E}\ not found. Folder C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E}\ not found. Folder C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35}\ not found. Folder C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A}\ not found. Folder C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8}\ not found. Folder C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6}\ not found. Folder C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60}\ not found. Folder C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3}\ not found. Folder C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3}\ not found. Folder C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48}\ not found. Folder C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E}\ not found. Folder C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881}\ not found. Folder C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784}\ not found. Folder C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262}\ not found. Folder C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249}\ not found. Folder C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D}\ not found. Folder C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE}\ not found. Folder C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591}\ not found. Folder C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D}\ not found. Folder C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB}\ not found. Folder C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5}\ not found. Folder C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667}\ not found. Folder C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5}\ not found. Folder C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C}\ not found. Folder C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found. File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found. File C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Programme\softonic-de3\tbsoft.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found. File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found. File C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found. File C:\Windows\System32\eDStoolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File de3\tbsoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found. File C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found. File C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found. File C:\Windows\System32\eDStoolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found. File de3\tbsoft.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found. File C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found. File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found. Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found. Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\ not found. Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com\ not found. Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de\ not found. File C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml not found. File C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml not found. Prefs.js: "foxsearch" removed from browser.search.defaultenginename Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl Prefs.js: "foxsearch" removed from browser.search.order.1 Prefs.js: "foxsearch" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.yahoo.de/" removed from browser.startup.homepage HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Programme\softonic-de3\tbsoft.dll not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found. File C:\Programme\softonic-de3\tbsoft.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found. File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: 7 ->Temp folder emptied: 87146 bytes ->Temporary Internet Files folder emptied: 33287 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 7246161 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 100167278 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 103,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04282011_215015 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot. Registry entries deleted on Reboot... |
|
28.04.2011, 21:02
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.04.2011, 21:19
| #9 |
| | Windows Recovery Malware Hier das Kaspersky Log: 2011/04/28 22:15:33.0440 6068 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/28 22:15:34.0080 6068 ================================================================================ 2011/04/28 22:15:34.0080 6068 SystemInfo: 2011/04/28 22:15:34.0080 6068 2011/04/28 22:15:34.0080 6068 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/28 22:15:34.0080 6068 Product type: Workstation 2011/04/28 22:15:34.0080 6068 ComputerName: KIMI 2011/04/28 22:15:34.0080 6068 UserName: 7 2011/04/28 22:15:34.0080 6068 Windows directory: C:\Windows 2011/04/28 22:15:34.0080 6068 System windows directory: C:\Windows 2011/04/28 22:15:34.0080 6068 Processor architecture: Intel x86 2011/04/28 22:15:34.0080 6068 Number of processors: 2 2011/04/28 22:15:34.0080 6068 Page size: 0x1000 2011/04/28 22:15:34.0080 6068 Boot type: Normal boot 2011/04/28 22:15:34.0080 6068 ================================================================================ 2011/04/28 22:15:35.0156 6068 Initialize success 2011/04/28 22:16:26.0106 4532 ================================================================================ 2011/04/28 22:16:26.0106 4532 Scan started 2011/04/28 22:16:26.0106 4532 Mode: Manual; 2011/04/28 22:16:26.0106 4532 ================================================================================ 2011/04/28 22:16:26.0761 4532 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\ACEDRV07.sys 2011/04/28 22:16:26.0808 4532 acedrv11 (27f954120babb8a00f8745d8f5bc9b82) C:\Windows\system32\drivers\acedrv11.sys 2011/04/28 22:16:26.0948 4532 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/28 22:16:27.0198 4532 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/28 22:16:27.0323 4532 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/28 22:16:27.0354 4532 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/28 22:16:27.0432 4532 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/28 22:16:27.0619 4532 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/28 22:16:27.0681 4532 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/04/28 22:16:27.0822 4532 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/28 22:16:27.0884 4532 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/04/28 22:16:28.0009 4532 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/04/28 22:16:28.0181 4532 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/04/28 22:16:28.0337 4532 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/28 22:16:28.0477 4532 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/04/28 22:16:28.0664 4532 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/28 22:16:28.0727 4532 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/28 22:16:28.0898 4532 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/28 22:16:28.0961 4532 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/28 22:16:29.0070 4532 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys 2011/04/28 22:16:29.0179 4532 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/04/28 22:16:29.0288 4532 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/28 22:16:29.0335 4532 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/28 22:16:29.0460 4532 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/28 22:16:29.0553 4532 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/28 22:16:29.0663 4532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/28 22:16:29.0694 4532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/28 22:16:29.0741 4532 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/28 22:16:29.0865 4532 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/28 22:16:29.0897 4532 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/28 22:16:29.0928 4532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/28 22:16:30.0037 4532 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/28 22:16:30.0099 4532 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/28 22:16:30.0209 4532 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/28 22:16:30.0271 4532 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/04/28 22:16:30.0318 4532 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/28 22:16:30.0458 4532 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/04/28 22:16:30.0489 4532 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2011/04/28 22:16:30.0536 4532 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/28 22:16:30.0583 4532 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/28 22:16:30.0739 4532 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/28 22:16:30.0801 4532 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/28 22:16:30.0926 4532 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2011/04/28 22:16:31.0051 4532 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2011/04/28 22:16:31.0113 4532 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/04/28 22:16:31.0238 4532 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/28 22:16:31.0332 4532 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/28 22:16:31.0457 4532 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/28 22:16:31.0597 4532 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/28 22:16:31.0691 4532 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/28 22:16:31.0862 4532 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/28 22:16:31.0925 4532 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/28 22:16:32.0034 4532 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/28 22:16:32.0096 4532 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/28 22:16:32.0221 4532 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/28 22:16:32.0252 4532 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/28 22:16:32.0299 4532 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/28 22:16:32.0439 4532 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/28 22:16:32.0502 4532 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/28 22:16:32.0611 4532 gmer (35b24c17f8aea65cabc4a4e63e88ac45) C:\Windows\system32\DRIVERS\gmer.sys 2011/04/28 22:16:32.0689 4532 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/28 22:16:32.0814 4532 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/28 22:16:32.0861 4532 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/28 22:16:32.0970 4532 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/04/28 22:16:33.0032 4532 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/28 22:16:33.0141 4532 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/04/28 22:16:33.0219 4532 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/28 22:16:33.0329 4532 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/04/28 22:16:33.0391 4532 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/28 22:16:33.0500 4532 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys 2011/04/28 22:16:33.0547 4532 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/04/28 22:16:33.0703 4532 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/28 22:16:33.0843 4532 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys 2011/04/28 22:16:34.0124 4532 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/28 22:16:34.0249 4532 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/04/28 22:16:34.0296 4532 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/28 22:16:34.0343 4532 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/28 22:16:34.0483 4532 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/28 22:16:34.0545 4532 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/28 22:16:34.0639 4532 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/28 22:16:34.0701 4532 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/04/28 22:16:34.0748 4532 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/28 22:16:34.0842 4532 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/28 22:16:34.0904 4532 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/28 22:16:34.0951 4532 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/28 22:16:35.0060 4532 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/28 22:16:35.0123 4532 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 2011/04/28 22:16:35.0169 4532 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/28 22:16:35.0325 4532 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/04/28 22:16:35.0372 4532 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/28 22:16:35.0450 4532 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/28 22:16:35.0528 4532 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/28 22:16:35.0575 4532 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/28 22:16:35.0622 4532 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/28 22:16:35.0731 4532 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\Drivers\LVPr2Mon.sys 2011/04/28 22:16:35.0793 4532 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys 2011/04/28 22:16:35.0918 4532 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys 2011/04/28 22:16:36.0121 4532 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys 2011/04/28 22:16:36.0386 4532 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/04/28 22:16:36.0449 4532 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/28 22:16:36.0573 4532 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys 2011/04/28 22:16:36.0620 4532 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/28 22:16:36.0651 4532 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/28 22:16:36.0745 4532 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/28 22:16:36.0792 4532 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/28 22:16:36.0854 4532 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/04/28 22:16:36.0948 4532 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/28 22:16:37.0010 4532 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/28 22:16:37.0088 4532 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/28 22:16:37.0197 4532 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/28 22:16:37.0260 4532 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/28 22:16:37.0307 4532 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/28 22:16:37.0416 4532 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/04/28 22:16:37.0431 4532 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/04/28 22:16:37.0525 4532 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/28 22:16:37.0634 4532 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/28 22:16:37.0697 4532 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/28 22:16:37.0790 4532 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/28 22:16:37.0837 4532 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/28 22:16:37.0884 4532 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/28 22:16:38.0009 4532 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/28 22:16:38.0055 4532 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/28 22:16:38.0165 4532 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/28 22:16:38.0258 4532 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/28 22:16:38.0383 4532 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/28 22:16:38.0461 4532 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/28 22:16:38.0539 4532 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/28 22:16:38.0601 4532 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/28 22:16:38.0648 4532 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/28 22:16:38.0773 4532 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/28 22:16:38.0851 4532 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/28 22:16:38.0976 4532 netr73 (91d44aa2a61006136da32118a179bf12) C:\Windows\system32\DRIVERS\netr73.sys 2011/04/28 22:16:39.0054 4532 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/28 22:16:39.0179 4532 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/28 22:16:39.0241 4532 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/28 22:16:39.0350 4532 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/28 22:16:39.0459 4532 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2011/04/28 22:16:39.0506 4532 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/28 22:16:39.0615 4532 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/28 22:16:39.0927 4532 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/28 22:16:40.0271 4532 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/04/28 22:16:40.0317 4532 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/04/28 22:16:40.0427 4532 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/04/28 22:16:40.0536 4532 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/28 22:16:40.0676 4532 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 2011/04/28 22:16:40.0723 4532 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/28 22:16:40.0754 4532 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 2011/04/28 22:16:40.0863 4532 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/28 22:16:40.0926 4532 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 2011/04/28 22:16:41.0051 4532 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/28 22:16:41.0129 4532 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/28 22:16:41.0347 4532 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/28 22:16:41.0409 4532 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/04/28 22:16:41.0565 4532 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/28 22:16:41.0612 4532 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys 2011/04/28 22:16:41.0643 4532 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys 2011/04/28 22:16:41.0753 4532 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys 2011/04/28 22:16:41.0799 4532 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 2011/04/28 22:16:41.0862 4532 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/04/28 22:16:41.0987 4532 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/28 22:16:42.0049 4532 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/28 22:16:42.0080 4532 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/28 22:16:42.0205 4532 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/28 22:16:42.0267 4532 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/28 22:16:42.0330 4532 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/28 22:16:42.0423 4532 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/28 22:16:42.0470 4532 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/28 22:16:42.0595 4532 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/04/28 22:16:42.0642 4532 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/28 22:16:42.0782 4532 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/28 22:16:42.0876 4532 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 2011/04/28 22:16:42.0985 4532 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/28 22:16:43.0032 4532 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\Windows\system32\DRIVERS\rt73.sys 2011/04/28 22:16:43.0094 4532 RTL8169 (13e97cf38286b8a1d7605d3175db28ee) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/04/28 22:16:43.0203 4532 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys 2011/04/28 22:16:43.0235 4532 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\Windows\system32\DRIVERS\s116mdfl.sys 2011/04/28 22:16:43.0281 4532 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\Windows\system32\DRIVERS\s116mdm.sys 2011/04/28 22:16:43.0391 4532 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\Windows\system32\DRIVERS\s116mgmt.sys 2011/04/28 22:16:43.0437 4532 s116nd5 (306f85733671fe507470f0273025e768) C:\Windows\system32\DRIVERS\s116nd5.sys 2011/04/28 22:16:43.0484 4532 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\Windows\system32\DRIVERS\s116obex.sys 2011/04/28 22:16:43.0515 4532 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\Windows\system32\DRIVERS\s116unic.sys 2011/04/28 22:16:43.0640 4532 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/28 22:16:43.0703 4532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/28 22:16:43.0827 4532 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys 2011/04/28 22:16:43.0874 4532 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/28 22:16:43.0937 4532 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 2011/04/28 22:16:44.0030 4532 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/28 22:16:44.0108 4532 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/04/28 22:16:44.0139 4532 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/28 22:16:44.0233 4532 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/28 22:16:44.0249 4532 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/04/28 22:16:44.0295 4532 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/04/28 22:16:44.0342 4532 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/04/28 22:16:44.0373 4532 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/04/28 22:16:44.0529 4532 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/28 22:16:44.0607 4532 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys 2011/04/28 22:16:44.0748 4532 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/28 22:16:44.0810 4532 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/04/28 22:16:44.0919 4532 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/28 22:16:44.0951 4532 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/28 22:16:44.0997 4532 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/28 22:16:45.0060 4532 ssm_bus (df5c19f053eff7f8ba25d73aea899656) C:\Windows\system32\DRIVERS\ssm_bus.sys 2011/04/28 22:16:45.0153 4532 ssm_mdfl (5347169fa449eabc4d0728ae39fab926) C:\Windows\system32\DRIVERS\ssm_mdfl.sys 2011/04/28 22:16:45.0216 4532 ssm_mdm (7aae23dd105eed15c4f45fc269fa42a9) C:\Windows\system32\DRIVERS\ssm_mdm.sys 2011/04/28 22:16:45.0341 4532 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/28 22:16:45.0403 4532 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/28 22:16:45.0481 4532 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/28 22:16:45.0512 4532 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/28 22:16:45.0575 4532 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\Windows\system32\drivers\tbhsd.sys 2011/04/28 22:16:45.0684 4532 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/28 22:16:45.0762 4532 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/28 22:16:45.0840 4532 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/28 22:16:45.0887 4532 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/28 22:16:45.0980 4532 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/28 22:16:46.0089 4532 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/28 22:16:46.0152 4532 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/28 22:16:46.0261 4532 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/28 22:16:46.0355 4532 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/28 22:16:46.0417 4532 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/28 22:16:46.0464 4532 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/04/28 22:16:46.0542 4532 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/28 22:16:46.0620 4532 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/28 22:16:46.0682 4532 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/04/28 22:16:46.0745 4532 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/28 22:16:46.0791 4532 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/28 22:16:46.0854 4532 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/28 22:16:46.0947 4532 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/04/28 22:16:47.0057 4532 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/28 22:16:47.0119 4532 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/28 22:16:47.0213 4532 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/28 22:16:47.0259 4532 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/28 22:16:47.0306 4532 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/04/28 22:16:47.0369 4532 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/28 22:16:47.0462 4532 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/28 22:16:47.0556 4532 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/28 22:16:47.0649 4532 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/28 22:16:47.0727 4532 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/28 22:16:47.0790 4532 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/28 22:16:47.0868 4532 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/04/28 22:16:47.0930 4532 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/04/28 22:16:47.0961 4532 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/04/28 22:16:48.0024 4532 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/28 22:16:48.0133 4532 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/28 22:16:48.0211 4532 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/28 22:16:48.0273 4532 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/04/28 22:16:48.0383 4532 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/28 22:16:48.0445 4532 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/28 22:16:48.0476 4532 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/28 22:16:48.0585 4532 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys 2011/04/28 22:16:48.0648 4532 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/04/28 22:16:48.0726 4532 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/28 22:16:48.0944 4532 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/04/28 22:16:49.0038 4532 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/28 22:16:49.0100 4532 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/28 22:16:49.0241 4532 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/28 22:16:49.0287 4532 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys 2011/04/28 22:16:49.0381 4532 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl 2011/04/28 22:16:49.0568 4532 ================================================================================ 2011/04/28 22:16:49.0568 4532 Scan finished 2011/04/28 22:16:49.0568 4532 ================================================================================ Gruß Geändert von Spirit_1 (28.04.2011 um 21:26 Uhr) |
|
29.04.2011, 09:43
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.04.2011, 18:30
| #11 |
| | Windows Recovery Malware So, hab nun schon vier mal probiert ComboFix laufen zu lassen, allerdings stürzt der PC jedesmal kurz vor ende des Scans mit einem BlueScreen ab. Der Virenscanner ist Deaktiviert und andere Hintergrundwächter sind nicht Installiert, auch Maus und Tastatur wurden während des Scans nicht benutzt. Werde es weiter probieren! Gruß |
|
29.04.2011, 20:51
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware Starte Windows neu, lösch die alte cofi.exe, lade CF neu als cofi.exe runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.04.2011, 08:36
| #13 |
| | Windows Recovery Malware Klappt auch so nicht, es kommt erneut kurz vor ende des Scans(Stufe 32) zu einem BlueScreen. Es ist wirklich zum haare raufen. |
|
01.05.2011, 12:15
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Malware Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.05.2011, 13:01
| #15 | |
| | Windows Recovery MalwareZitat:
Sorry, aber wo kann ich Qoobox finden? hab alles durchsucht, kann den Ordner aber nicht finden. Gruß Edit:So hat jetzt alles prima geklappt, Datei wurde Erfolgreich Hochgeladen! Geändert von Spirit_1 (01.05.2011 um 13:22 Uhr) |
|
| Themen zu Windows Recovery Malware |
| anti-malware, appdata, dateien, desktop, entfernt, explorer, heute, infizierte, install, malwar, malware, malwarebytes, microsoft, recovery, richtig, roaming, scan, service, software, start, start menu, temp, trojan.fakealert, trojaner, version, windows, wirklich |
Linear-Darstellung
