Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Firefox - redirect from Google to Ask, "Super Schnäppchen" and co... Windows 7. If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
#1
Firefox - redirect from Google to Ask, "Super Schnäppchen" and co...

Hello! This problem is apparently not new, but despite various forums I am not getting anywhere... Sporadically Google redirects me to various advertising sites. ASK and "Super Schnäppchen" in particular are Google's preferred choice. It is more than annoying. Uninstalling and reinstalling Firefox did nothing. HijackThis found nothing suspicious, or rather its cleanup did nothing. TDSSKiller: nothing suspicious... OTL report: Code:
OTL Logfile:
Edited by 033261 (22.05.2011 at 10:25)
#2
TB-Ausbilder | Firefox - redirect from Google to Ask, "Super Schnäppchen" and co...

My name is M-K-D-B and I will help you clean up your computer. Please note the following:
I am now preparing a fix and will get back to you as soon as possible with further instructions.
#3
TB-Ausbilder | Firefox - redirect from Google to Ask, "Super Schnäppchen" and co...

Hello 033261,

Step # 1: Registry cleaners
I see that you have so-called registry cleaners on the system, in your case CCleaner. We do not recommend any kind of registry cleaner under any circumstances. The reason is simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using a registry cleaner.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without this kind of software in future.

Step # 2: Check with VirusTotal
Please have the file from the code box checked at VirusTotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here.

Step # 3: Run aswMBR.exe
Please download aswMBR.exe and save the file to your desktop.
Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

Step # 4: Your reply
For further analysis I need, together with your next reply
#4
Firefox - redirect from Google to Ask, "Super Schnäppchen" and co...

Thanks for the help! Here is the link for step 1: hxxp://www.virustotal.com/file-scan/report.html?id=03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae-1306058345 and the logfile for step 2:
Code:
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-22 12:04:15
-----------------------------
12:04:15.239 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:15.239 Number of processors: 2 586 0x170A
12:04:15.239 ComputerName: RITCHIESNB UserName: ritchies
12:04:15.926 Initialize success
12:04:25.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:04:25.520 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
12:04:25.520 Disk 0 MBR read error 0
12:04:25.535 Disk 0 MBR scan
12:04:25.535 Disk 0 unknown MBR code
12:04:25.535 MBR BIOS signature not found 0
12:04:25.535 Service scanning
12:04:26.830 Disk 0 trace - called modules:
12:04:26.892 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spse.sys hal.dll
12:04:26.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ff790]
12:04:26.908 3 CLASSPNP.SYS[fffff88001cd443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8002e0b050]
12:04:26.908 Scan finished successfully
12:04:47.718 Disk 0 MBR has been saved successfully to "C:\Users\ritchies\Desktop\MBR.dat"
12:04:47.718 The log file has been saved successfully to "C:\Users\ritchies\Desktop\aswMBR.txt"
#5
TB-Ausbilder | Firefox - redirect from Google to Ask, "Super Schnäppchen" and co...

Hello 033261,

I am still waiting for your reply regarding CCleaner. Thank you.

Step # 1: Fix with OTL
Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [acxNetdrm] %LOCALAPPDATA%\advMainserv\acxNetdrm.dll ()
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
:files
%LOCALAPPDATA%\advMainserv
:Commands
[emptytemp]
Step # 2: Run ComboFix
ComboFix may only be run when one of the board's experts (a Kompetenzler) has explicitly recommended it! Download ComboFix from one of these download mirrors: BleepingComputer - ForoSpyware
* Important!! Save ComboFix to the desktop
Once the Recovery Console has been installed by ComboFix, you should see the following message:
Click "Yes" to continue with the malware scan. When ComboFix is finished it will create a log. Please attach C:\ComboFix.txt to your next reply.

Step # 3: System scan with OTL

Step # 4: Scan with MBRCheck
Please download MBRCheck (by a_d_13) and save the file to the desktop.

Step # 5: Your reply
For further analysis I need, together with your next reply
#6
Firefox - redirect from Google to Ask, "Super Schnäppchen" and co...

Hello! I have no idea what I am doing here... but what the heck...
1. Understood! CCleaner banished.
2. OTL fix logfile:
Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\acxNetdrm deleted successfully.
C:\Users\ritchies\AppData\Local\advMainserv\acxNetdrm.dll moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
========== FILES ==========
C:\Users\ritchies\AppData\Local\advMainserv folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: ritchies
->Temp folder emptied: 27736469 bytes
->Temporary Internet Files folder emptied: 57510328 bytes
->Java cache emptied: 12184350 bytes
->FireFox cache emptied: 296065073 bytes
->Flash cache emptied: 6152 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118206 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 375,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05222011_221000
Files\Folders moved on Reboot...
C:\Users\ritchies\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\klsA5C5.tmp not found!
Registry entries deleted on Reboot...
3. ComboFix logfile:
Code:
ComboFix 11-05-21.03 - ritchies 22.05.2011 22:21:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1979.807 [GMT 2:00]
ausgeführt von:: c:\users\ritchies\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ritchies\AppData\Roaming\.#
c:\windows\SysWow64\Drivers\bepyqh.sys
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-22 bis 2011-05-22 ))))))))))))))))))))))))))))))
.
.
2011-05-22 20:36 . 2011-05-22 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-22 20:10 . 2011-05-22 20:10 -------- d-----w- C:\_OTL
2011-05-21 20:56 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E7266E0-0C78-4D02-AB91-52BEFAC46CCD}\mpengine.dll
2011-05-19 20:10 . 2011-05-21 20:52 210944 ----a-w- c:\windows\system32\rdpclip.exe
2011-05-17 20:27 . 2011-05-17 20:27 -------- d-----w- c:\users\ritchies\AppData\Local\RapidSolution
2011-05-15 16:58 . 2011-05-15 16:58 0 ----a-w- C:\backup.reg
2011-05-13 05:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-13 05:47 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-12 19:43 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 19:43 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 19:43 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 19:43 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-12 19:43 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-12 19:43 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-12 19:43 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-12 19:43 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-12 19:43 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-04 18:09 . 2011-05-05 15:44 -------- d-----w- c:\users\ritchies\AppData\Roaming\Download Manager
2011-05-02 19:11 . 2011-05-02 19:11 -------- d-----w- c:\users\ritchies\AppData\Roaming\Malwarebytes
2011-05-02 19:11 . 2011-05-02 19:11 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 19:11 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 20:26 . 2011-05-01 20:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-28 19:13 . 2011-04-28 19:13 -------- d-----w- c:\users\ritchies\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 14:09 . 2010-02-28 12:59 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2011-03-11 06:34 . 2011-04-14 17:51 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 17:51 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 17:51 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 17:51 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:29 . 2011-04-14 17:50 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-14 17:50 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-14 17:51 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-14 17:51 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-14 17:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-14 17:51 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-04 06:19 . 2011-04-30 06:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-30 06:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-14 17:51 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-14 17:51 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-14 17:51 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-14 17:50 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-28 17:11 . 2011-02-28 17:11 69632 ----a-w- c:\windows\SysWow64\PXTTool80VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 4648960 ----a-w- c:\windows\SysWow64\LxXtreme70VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 27648 ----a-w- c:\windows\SysWow64\LXTPSW20VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 135168 ----a-w- c:\windows\SysWow64\LxMail30VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 1335296 ----a-w- c:\windows\SysWow64\LXTool91VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11 110592 ----a-w- c:\windows\SysWow64\LxUISettings20Native.dll
2011-02-28 17:11 . 2011-02-28 17:11 196608 ----a-w- c:\windows\SysWow64\LxBasics91VC8.dll
2011-02-24 17:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-24 17:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-24 17:08 . 2011-02-24 17:08 680960 ----a-w- c:\windows\system32\termsrv.dll
2011-02-24 06:15 . 2011-04-14 18:26 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-14 18:26 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-14 17:50 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-14 17:50 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-14 17:50 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-14 17:50 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-14 17:50 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-14 17:50 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-14 17:50 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
.
.
------- Sigcheck -------
.
[-] 2011-02-24 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2011-02-24 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2010-12-21 16:31 3055040 ----a-w- d:\ausweisapp\siqeCardClient.ols
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 vaszok;vaszok;c:\windows\system32\drivers\bepyqh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SCL01164;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01164.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 11:54]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 11:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-01-10 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandenes PDF anfügen - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {108A12B5-B45C-4414-9BAF-A29C756F5E46} = 192.168.178.1
FF - ProfilePath - c:\users\ritchies\AppData\Roaming\Mozilla\Firefox\Profiles\f7zrzodg.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-22 22:58:31
ComboFix-quarantined-files.txt 2011-05-22 20:58
.
Vor Suchlauf: 8.340.463.616 Bytes frei
Nach Suchlauf: 8.700.223.488 Bytes frei
.
- - End Of File - - 8A70C592A0D9C5431B246E66ACA7A5FC
4. OTL logfile (Extras.txt was not saved?!? so it is omitted) OTL Logfile: Code:
OTL logfile created on: 22.05.2011 23:00:11 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\ritchies\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,34 Gb Total Space | 8,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
Drive D: | 81,25 Gb Total Space | 64,10 Gb Free Space | 78,89% Space Free | Partition Type: NTFS
Drive E: | 99,19 Gb Total Space | 65,08 Gb Free Space | 65,61% Space Free | Partition Type: NTFS
Drive X: | 915,91 Gb Total Space | 794,16 Gb Free Space | 86,71% Space Free | Partition Type: NTFS

Computer Name: RITCHIESNB | User Name: ritchies | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Norton Ghost) -- D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- d:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SCL01164) -- C:\Windows\SysNative\drivers\SCL01164.sys (SCM Microsystems Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AF05BDA) -- C:\Windows\SysNative\drivers\AF05BDA.sys (AfaTech )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (v2imount) -- C:\Windows\SysNative\drivers\v2imount.sys (Symantec Corporation)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: D:\AusweisApp\mozilla\AusweisApp_FF3x_Win [2011.01.03 20:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.03 21:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.18 18:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]

[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Fennec\Profiles\8vrehq32.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.03 21:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.15 14:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 18:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 22:51:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.27 22:33:26 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.03 21:23:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.03 21:23:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.03 21:23:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.03 21:23:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.03 21:23:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.03 21:23:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.03 21:23:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.05.22 22:36:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.22 23:01:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.22 22:58:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.22 22:19:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.22 22:19:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.22 22:19:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.22 22:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.22 22:19:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.22 22:18:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.22 22:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.22 12:03:29 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.19 22:10:52 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.17 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Local\RapidSolution
[2011.05.16 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.05.16 20:48:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.05.13 07:47:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.13 07:47:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.12 21:43:41 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.12 21:43:40 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.12 21:43:40 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.12 21:43:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.12 21:43:38 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.04 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Download Manager
[2011.05.02 21:11:25 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Malwarebytes
[2011.05.02 21:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.02 21:11:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.01 22:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 08:13:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.30 08:13:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.30 08:13:36 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.30 08:13:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.30 08:13:36 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.30 08:13:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.30 08:13:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.30 08:13:30 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.30 08:13:29 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.30 08:13:28 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.30 08:13:28 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.28 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\dvdcss
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2011.05.22 23:02:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.22 22:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.22 22:21:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 22:21:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 22:13:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.22 22:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.22 22:13:38 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 22:08:18 | 004,352,705 | R--- | M] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | M] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.22 12:03:32 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.21 23:56:08 | 000,002,014 | -H-- | M] () -- E:\Dokumente\Default.rdp
[2011.05.21 22:52:07 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.16 22:12:18 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.16 21:40:52 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.05.16 21:40:51 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.16 20:47:03 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 20:47:03 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 20:47:03 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 20:47:03 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 20:47:03 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.15 19:27:11 | 000,151,080 | ---- | M] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2011.05.14 16:09:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.28 21:15:23 | 000,000,142 | ---- | M] () -- C:\Users\ritchies\AppData\Roaming\default.rss
[2011.04.28 21:15:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.26 19:33:48 | 000,026,702 | ---- | M] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf

========== Files Created - No Company Name ==========

[2011.05.22 22:19:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.22 22:19:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.22 22:19:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.22 22:19:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.22 22:19:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.22 22:07:46 | 004,352,705 | R--- | C] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | C] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.16 22:12:18 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.15 19:27:06 | 000,151,080 | ---- | C] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2011.05.03 21:20:43 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.26 19:33:48 | 000,026,702 | ---- | C] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf
[2011.03.05 20:16:55 | 000,000,572 | ---- | C] () -- C:\Windows\wiso.ini
[2010.12.10 18:53:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.07.25 18:06:48 | 000,007,601 | ---- | C] () -- C:\Users\ritchies\AppData\Local\Resmon.ResmonCfg
[2010.06.11 20:20:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010.05.21 18:59:25 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.05.21 18:59:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.05.10 22:04:29 | 000,005,632 | ---- | C] () -- C:\Users\ritchies\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 17:48:26 | 000,000,139 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010.03.06 23:11:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.06 23:10:21 | 000,000,142 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\default.rss
[2010.03.06 23:10:21 | 000,000,000 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\downloads.m3u
[2010.02.28 14:59:20 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.28 14:59:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BD6B8941C5.sys
[2010.02.28 13:33:42 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.27 21:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.23 09:23:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.10.23 09:23:48 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.10.23 09:23:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.10.23 09:23:47 | 000,439,300 | ---- | C]
() -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll [2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll [2008.01.10 10:44:01 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.01.10 10:44:01 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2008.01.10 10:44:01 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2007.10.05 20:29:00 | 000,003,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\EC168Hid.dat [2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll < End of report > Last not leas Logfile MBR: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: INSYDE
System Manufacturer: Acer
System Product Name: Aspire 1810TZ
Logical Drives Mask: 0x0080001c
Kernel Drivers (total 191):
0x0300B000 \SystemRoot\system32\ntoskrnl.exe
0x035F4000 \SystemRoot\system32\hal.dll
0x00BA1000 \SystemRoot\system32\kdcom.dll
0x00C96000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CE5000 \SystemRoot\system32\PSHED.dll
0x00CF9000 \SystemRoot\system32\CLFS.SYS
0x00E98000 \SystemRoot\system32\CI.dll
0x00F58000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00E00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01028000 \SystemRoot\System32\Drivers\spde.sys
0x0115C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01165000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01194000 \SystemRoot\system32\drivers\ACPI.sys
0x011EB000 \SystemRoot\system32\drivers\msisadrv.sys
0x01000000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E0F000 \SystemRoot\system32\drivers\pci.sys
0x0100D000 \SystemRoot\System32\drivers\partmgr.sys
0x011F5000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E42000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E4E000 \SystemRoot\system32\drivers\volmgr.sys
0x00D57000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E63000 \SystemRoot\System32\drivers\mountmgr.sys
0x012E0000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01200000 \SystemRoot\system32\drivers\atapi.sys
0x01209000 \SystemRoot\system32\drivers\ataport.SYS
0x01233000 \SystemRoot\system32\drivers\amdxata.sys
0x0123E000 \SystemRoot\system32\drivers\fltmgr.sys
0x0128A000 \SystemRoot\system32\drivers\fileinfo.sys
0x0129E000 \SystemRoot\system32\DRIVERS\symsnap.sys
0x01410000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00C00000 \SystemRoot\System32\Drivers\msrpc.sys
0x015B3000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01640000 \SystemRoot\System32\Drivers\cng.sys
0x016B2000 \SystemRoot\System32\drivers\pcw.sys
0x016C3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016CD000 \SystemRoot\system32\drivers\ndis.sys
0x01827000 \SystemRoot\system32\drivers\NETIO.SYS
0x01887000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A40000 \SystemRoot\System32\drivers\tcpip.sys
0x01C44000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01E76000 \SystemRoot\system32\DRIVERS\kl1.sys
0x01E00000 \SystemRoot\system32\drivers\volsnap.sys
0x01E4C000 \SystemRoot\System32\Drivers\spldr.sys
0x01C8E000 \SystemRoot\System32\drivers\rdyboost.sys
0x01E54000 \SystemRoot\System32\Drivers\mup.sys
0x01E66000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01CC8000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x025D5000 \SystemRoot\system32\DRIVERS\disk.sys
0x01D02000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01D45000 \SystemRoot\system32\DRIVERS\klif.sys
0x01DDB000 \SystemRoot\System32\Drivers\Null.SYS
0x025F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x01DE4000 \SystemRoot\System32\drivers\vga.sys
0x01A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01A25000 \SystemRoot\System32\drivers\watchdog.sys
0x01A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01DF2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019CE000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019D7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019E2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01E6F000 \SystemRoot\system32\DRIVERS\kl2.sys
0x048EB000 \SystemRoot\system32\drivers\afd.sys
0x04974000 \SystemRoot\System32\DRIVERS\netbt.sys
0x049B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x049C2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x049E8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04800000 \SystemRoot\system32\DRIVERS\klim6.sys
0x04809000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04818000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04833000 \SystemRoot\system32\drivers\termdd.sys
0x04847000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04898000 \SystemRoot\system32\drivers\nsiproxy.sys
0x048A4000 \SystemRoot\system32\drivers\mssmbios.sys
0x048AF000 \SystemRoot\System32\drivers\discache.sys
0x048BE000 \SystemRoot\System32\Drivers\dfsc.sys
0x017C0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x017D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01600000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x048DC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04A94000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x046BD000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x047B1000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04600000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0460D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04663000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04674000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04698000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x05639000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x05CE6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05CF3000 \SystemRoot\system32\drivers\i8042prt.sys
0x05D11000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x05D1D000 \SystemRoot\system32\drivers\kbdclass.sys
0x05D2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05D75000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05D77000 \SystemRoot\system32\drivers\mouclass.sys
0x05D86000 \SystemRoot\System32\Drivers\am3ud4vw.SYS
0x05DC8000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05DD1000 \SystemRoot\system32\drivers\CompositeBus.sys
0x05DE1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05624000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0519C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x051CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05630000 \SystemRoot\system32\drivers\swenum.sys
0x04A3B000 \SystemRoot\system32\drivers\ks.sys
0x04A7E000 \SystemRoot\system32\drivers\umbus.sys
0x05E8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05EE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0640D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05EFE000 \SystemRoot\system32\drivers\portcls.sys
0x05F3B000 \SystemRoot\system32\drivers\drmk.sys
0x065EC000 \SystemRoot\system32\drivers\ksthunk.sys
0x05F5D000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x05F84000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05FA1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x065F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x05FCF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x018B2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05FDD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05FF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x00710000 \SystemRoot\System32\cdd.dll
0x05E00000 \SystemRoot\system32\drivers\luafv.sys
0x05E23000 \SystemRoot\system32\drivers\WudfPf.sys
0x05E44000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03248000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0329B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x032AE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x032C6000 \SystemRoot\system32\drivers\HTTP.sys
0x0338F000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03399000 \SystemRoot\system32\DRIVERS\bowser.sys
0x033B7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x033CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x060CF000 \SystemRoot\system32\drivers\peauth.sys
0x06175000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06180000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x061B1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x061C3000 \SystemRoot\system32\DRIVERS\v2imount.sys
0x06000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07639000 \SystemRoot\System32\DRIVERS\srv.sys
0x076D1000 \SystemRoot\system32\drivers\tdtcp.sys
0x076DC000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x076EB000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x07795000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77070000 \Windows\System32\ntdll.dll
0x484C0000 \Windows\System32\smss.exe
0xFF390000 \Windows\System32\apisetschema.dll
0xFF060000 \Windows\System32\autochk.exe
0x76F70000 \Windows\System32\user32.dll
0xFF270000 \Windows\System32\msctf.dll
0xFF250000 \Windows\System32\imagehlp.dll
0xFE4C0000 \Windows\System32\shell32.dll
0xFE390000 \Windows\System32\rpcrt4.dll
0xFE260000 \Windows\System32\wininet.dll
0xFE210000 \Windows\System32\ws2_32.dll
0xFE170000 \Windows\System32\clbcatq.dll
0xFE140000 \Windows\System32\imm32.dll
0xFE0E0000 \Windows\System32\Wldap32.dll
0xFE0D0000 \Windows\System32\lpk.dll
0xFE0C0000 \Windows\System32\nsi.dll
0xFE050000 \Windows\System32\gdi32.dll
0x77240000 \Windows\System32\psapi.dll
0x77230000 \Windows\System32\normaliz.dll
0xFE030000 \Windows\System32\sechost.dll
0xFDE20000 \Windows\System32\ole32.dll
0xFDCA0000 \Windows\System32\urlmon.dll
0xFDC20000 \Windows\System32\difxapi.dll
0xFDB80000 \Windows\System32\comdlg32.dll
0xFDB00000 \Windows\System32\shlwapi.dll
0xFD920000 \Windows\System32\setupapi.dll
0x76E50000 \Windows\System32\kernel32.dll
0xFD6C0000 \Windows\System32\iertutil.dll
0xFD5E0000 \Windows\System32\advapi32.dll
0xFD510000 \Windows\System32\usp10.dll
0xFD470000 \Windows\System32\msvcrt.dll
0xFD390000 \Windows\System32\oleaut32.dll
0xFD350000 \Windows\System32\cfgmgr32.dll
0xFD2B0000 \Windows\System32\comctl32.dll
0xFD290000 \Windows\System32\devobj.dll
0xFD220000 \Windows\System32\KernelBase.dll
0xFD0B0000 \Windows\System32\crypt32.dll
0xFD070000 \Windows\System32\wintrust.dll
0xFD060000 \Windows\System32\msasn1.dll
0x76C20000 \Windows\SysWOW64\normaliz.dll
Processes (total 68):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
500 csrss.exe
540 C:\Windows\System32\wininit.exe
552 csrss.exe
588 C:\Windows\System32\services.exe
628 C:\Windows\System32\winlogon.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
780 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\spoolsv.exe
1264 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\taskhost.exe
1528 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1640 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
1868 C:\Windows\System32\dwm.exe
1904 C:\Windows\explorer.exe
2044 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1096 C:\Windows\System32\svchost.exe
1512 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1752 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
1576 C:\Windows\System32\svchost.exe
1932 D:\Norton Ghost\Agent\VProSvc.exe
2172 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
2200 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
2248 C:\Windows\System32\svchost.exe
2316 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2420 C:\Windows\System32\svchost.exe
2444 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2552 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2892 C:\Windows\System32\SearchIndexer.exe
2924 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3456 C:\Windows\notepad.exe
3672 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3712 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3724 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
3740 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3816 C:\Windows\System32\igfxtray.exe
3824 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3848 C:\Windows\System32\hkcmd.exe
3880 C:\Windows\System32\igfxpers.exe
3904 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3948 C:\Windows\System32\igfxsrvc.exe
3112 C:\Windows\System32\igfxext.exe
960 C:\Windows\System32\wbem\unsecapp.exe
3532 WmiPrvSE.exe
3176 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
700 C:\Program Files (x86)\Launch Manager\LManager.EXE
4032 D:\iTunes\iTunesHelper.exe
4276 C:\Windows\System32\svchost.exe
4680 C:\Program Files\iPod\bin\iPodService.exe
5052 dllhost.exe
4376 C:\Program Files\Windows Media Player\wmpnetwk.exe
2836 C:\Windows\notepad.exe
4668 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2036 C:\Windows\notepad.exe
4892 C:\Windows\System32\SearchProtocolHost.exe
892 C:\Windows\System32\SearchFilterHost.exe
1708 C:\Users\ritchies\Desktop\MBRCheck.exe
2092 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`1c5afa00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000021`6c985800 (NTFS)
PhysicalDrive0 Model Number: ST9250315AS, Rev: 0001SDM1
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
I hope that's it now, and can someone explain to me what I actually did here??

Regards and thanks!
Mark
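The MBRCheck output above does three things that are worth understanding: it maps each volume to a byte offset on PhysicalDrive0, it hashes the boot sector code with SHA-1, and it reports "Windows 7 MBR code detected" when that hash is on its list of known bootstrap code. The following Python script, added here as an illustration and not part of the thread or of MBRCheck, performs the same kind of check on a 512-byte sector: it parses the partition table, hashes the 440-byte bootstrap region against an allow-list, and flags unknown code, overlapping partitions, or a wrong number of active partitions. The sector itself, its bootstrap bytes, the disk signature, the partition sizes and the allow-list are all constructed for the example; only the three NTFS start offsets are taken from the log above. The page does not say which byte range MBRCheck hashes, so the hash computed here is not comparable to the SHA1 value in the log.

```python
"""Parse a 512-byte MBR, cross-check its partition table and compare the
bootstrap code against an allow-list of SHA-1 hashes. Added example, not
part of MBRCheck or of the thread."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: bootstrap code
PART_TABLE = 446             # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"       # bytes 510..511


def boot_code_sha1(sector: bytes) -> str:
    """SHA-1 over the bootstrap code only. The disk signature (bytes 440..443)
    and the partition table differ on every machine, so hashing the whole
    sector could never match a fixed allow-list."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        # status | CHS start (3 bytes, skipped) | type | CHS end (skipped) | LBA start | sector count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE + 16 * slot)
        if ptype == 0:
            continue                            # empty entry
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,        # what MBRCheck prints as "at offset"
        })
    return {
        "boot_code_sha1": boot_code_sha1(sector),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: dict) -> list:
    """Return findings as strings; an empty list means nothing suspicious."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha1"] not in known_good:
        findings.append("UNKNOWN boot code, SHA1 " + info["boot_code_sha1"])
    parts = info["partitions"]
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    # overlapping entries can hide a bootkit's private storage area
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition slots {a['slot']} and {b['slot']} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector: invented bootstrap bytes and disk signature, a hidden
    vendor partition, then three NTFS partitions whose start offsets mirror the
    C:, D: and E: offsets MBRCheck reported above (sizes are invented)."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" * 55      # 440 bytes of filler
    disk_signature = struct.pack("<I", 0x5A3C1E7F) + b"\x00\x00"
    starts = [2048, 0x306500000 // SECTOR, 0xD1C5AFA00 // SECTOR, 0x216C985800 // SECTOR]
    ends = starts[1:] + [starts[-1] + 0x1000000]             # each ends where the next begins
    types = [0x27, 0x07, 0x07, 0x07]                         # hidden NTFS, then three NTFS
    flags = [0x00, 0x80, 0x00, 0x00]                         # C: is the active partition
    table = b"".join(struct.pack("<B3xB3xII", f, t, s, e - s)
                     for f, t, s, e in zip(flags, types, starts, ends))
    return boot_code + disk_signature + table + BOOT_SIG


SAMPLE_MBR = build_sample_mbr()
# Allow-list keyed by bootstrap hash. In practice: hashes taken from known-clean
# installations of each Windows version; here only the constructed sample.
KNOWN_GOOD = {boot_code_sha1(SAMPLE_MBR): "constructed sample bootstrap code"}


def tampered_sample() -> bytes:
    """The same sector with one bootstrap byte patched, as a bootkit would."""
    s = bytearray(SAMPLE_MBR)
    s[0x10] ^= 0xFF
    return bytes(s)


if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR)["partitions"]:
        print(f"slot {p['slot']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}")
    print(check_mbr(SAMPLE_MBR, KNOWN_GOOD) or ["boot code on allow-list"])
    print(check_mbr(tampered_sample(), KNOWN_GOOD))
```

With administrator rights on the live system, `open(r"\\.\PhysicalDrive0", "rb").read(512)` returns the real sector 0 to feed into `check_mbr`. Keep in mind that a bootkit which filters disk I/O (the class of infection TDSSKiller is aimed at) can hand a clean copy of sector 0 to anything running under the infected Windows, so a sector read from a boot CD or USB stick is the one to trust.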
#7
/// TB-Ausbilder
Firefox - Redirection from Google to Ask, "Super Schnäppchen" and co...

Hello Mark,

Quote:
But we'll try that again later. Why so impatient? I can assume that you'll keep working with me until the end, right? We want to make sure there is no malware left on your computer.

That's hard to put into a few words, but I'll try anyway: I use special analysis and cleaning programs to fix the problems you described and to remove malware. Learning to interpret such data takes several months of study. Are you interested in more of that? If so, please let me know.

Step # 1: Fix with OTL
Code:
:OTL
DRV - (vaszok) -- C:\Windows\system32\drivers\bepyqh.sys ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Commands
[emptytemp]
Step # 2: Control scan with Malwarebytes' Anti-Malware (MBAM)
Please download Malwarebytes' Anti-Malware

Step # 3: Uninstall/reinstall Java

Step # 4: ESET Online Scanner
Please switch on any external hard drives you have during the online scans! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to switch everything back on afterwards.

Press the Windows key + R and copy the following text into the Run window.
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\log.txt"

Step # 5: System scan with OTL

Step # 6: Run a security check
Please download SecurityCheck

Step # 7: Answer questions
Please answer the following questions:

Step # 8: Your reply
For further analysis I need, together with your next reply:
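The OTL fix in post #7 targets three things: a kernel driver service (vaszok) whose file bepyqh.sys carries no company name and a machine-generated-looking name, and two Internet Explorer restriction policies (the O6 and O7 entries). The following Python script, added here as an illustration and not part of the post or of OTL, applies those triage rules to OTL-style lines and renders the hits in the fix-script format shown above. The sample lines are constructed for the example in the shape OTL uses inside a fix script (a real OTL scan log carries extra timestamp and size fields on each line), and the company names on the benign sample lines are assumed.

```python
"""Triage OTL-style log lines for the indicators fixed in post #7 and render
the hits as an OTL fix script. Added example, not part of OTL or of the thread."""
import re

# Driver/service line in the shape OTL uses inside a fix:
#   DRV - (service) -- C:\path\file.sys (Company)
DRV_RE = re.compile(
    r"^(?P<kind>DRV|SRV)(?::64bit:)? - \((?P<svc>[^)]*)\) -- "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$"
)
# O6/O7 lines: Internet Explorer restriction policies under HKLM/HKCU
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?) present\s*$")

VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated names such as 'bepyqh': short,
    lowercase letters only, and either almost vowel-free, containing a 'q'
    not followed by 'u', or holding a run of four or more consonants."""
    if not (5 <= len(name) <= 8) or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    q_without_u = any(c == "q" and nxt != "u" for c, nxt in zip(name, name[1:] + " "))
    run = longest = 0
    for c in name:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or q_without_u or longest >= 4


def triage(lines) -> list:
    """Return the lines worth putting into a fix, each with the reason."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            if m["company"]:
                continue                      # carries a vendor name: not flagged here
            stem = m["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            reason = "kernel driver/service with no company name"
            if looks_random(m["svc"]) or looks_random(stem):
                reason += "; random-looking name"
            findings.append({"line": line, "reason": reason})
            continue
        m = POLICY_RE.match(line)
        if m:
            findings.append({"line": line,
                             "reason": "IE restriction policy; only expected on administered machines"})
    return findings


def build_fix(findings) -> str:
    """Render the hits as an OTL fix: ':OTL' block, then the [emptytemp]
    command, the shape used in post #7. Review it by hand before running it."""
    body = "\n".join(f["line"] for f in findings)
    return ":OTL\n" + body + "\n:Commands\n[emptytemp]\n"


# Constructed sample in fix-script format; company names on benign lines are assumed.
SAMPLE_LOG = r"""
DRV - (klif) -- C:\Windows\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (vaszok) -- C:\Windows\system32\drivers\bepyqh.sys ()
DRV - (SynTP) -- C:\Windows\system32\drivers\SynTP.sys (Synaptics Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h['reason']}: {h['line']}")
    print(build_fix(hits))
```

The empty company field is the trigger; the name heuristic only adds weight and would misfire on legitimate Microsoft names such as fltmgr if used on its own, which is why vendor-signed entries are skipped first. Anything the script emits still needs a human look before OTL runs it, because OTL deletes whatever the fix lists.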
#8
| | Firefox - Redirect from Google to Ask, "Super Schnäppchen" and co...
Well... after several hours of waiting, here are the first results:

OTL fix log:
[CODE]
All processes killed
========== OTL ==========
Service vaszok stopped successfully!
Service vaszok deleted successfully!
File C:\Windows\system32\drivers\bepyqh.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: ritchies
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19941724 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96780 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 232984 bytes
Total Files Cleaned = 19,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05232011_220707
Files\Folders moved on Reboot...
C:\Users\ritchies\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\klsE621.tmp not found!
Registry entries deleted on Reboot...
[/CODE]

MBAM logfile:
[CODE]
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6657
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
23.05.2011 22:18:39
mbam-log-2011-05-23 (22-18-39).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167209
Laufzeit: 5 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
[/CODE]

ESET logfile (had 6 hits):
[CODE]
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7702eaa55d88d74a90c9130346adc1c6
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-23 08:31:30
# local_time=2011-05-23 10:31:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 610739 610739 0 0
# compatibility_mode=5893 16776573 100 94 171303 57812534 0 0
# compatibility_mode=8192 67108863 100 0 115 115 0 0
# scanned=232
# found=0
# cleaned=0
# scan_time=5
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7702eaa55d88d74a90c9130346adc1c6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-23 09:27:29
# local_time=2011-05-23 11:27:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 610794 610794 0 0
# compatibility_mode=5893 16776573 100 94 171358 57812589 0 0
# compatibility_mode=8192 67108863 100 0 170 170 0 0
# scanned=57724
# found=1
# cleaned=0
# scan_time=3310
C:\Program Files (x86)\Common Files\Nero\AdvrCntr4\patch.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7702eaa55d88d74a90c9130346adc1c6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-24 10:14:31
# local_time=2011-05-25 12:14:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 690378 690378 0 0
# compatibility_mode=5893 16776573 100 94 250942 57892173 0 0
# compatibility_mode=8192 67108863 100 0 79754 79754 0 0
# scanned=205046
# found=6
# cleaned=0
# scan_time=12948
C:\Program Files (x86)\Common Files\Nero\AdvrCntr4\patch.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05222011_221000\C_Users\ritchies\AppData\Local\advMainserv\acxNetdrm.dll a variant of Win32/Sefnit.BE trojan (unable to clean) 00000000000000000000000000000000 I
D:\Nero\Nero 9\Nero Burning ROM\patch.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
D:\Treiber und Setups\Ahead Nero 9 Reloaded v9.4.17.0 Multilanguage Dvd-Restore.iso Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
D:\Treiber und Setups\Ahead Nero 9 Reloaded v9.4.17.0 Multilanguage Dvd-Restore\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
E:\Dokumente\patch.txt.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
[/CODE]

OTL log (again did NOT create an EXTRAS.txt!):
OTL Logfile:
Code:
OTL logfile created on: 25.05.2011 00:24:45 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\ritchies\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,34 Gb Total Space | 7,19 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 81,25 Gb Total Space | 64,18 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive E: | 99,19 Gb Total Space | 65,03 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Drive X: | 915,91 Gb Total Space | 793,73 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
Computer Name: RITCHIESNB | User Name: ritchies | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Norton Ghost) -- D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- d:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SCL01164) -- C:\Windows\SysNative\drivers\SCL01164.sys (SCM Microsystems Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AF05BDA) -- C:\Windows\SysNative\drivers\AF05BDA.sys (AfaTech )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (v2imount) -- C:\Windows\SysNative\drivers\v2imount.sys (Symantec Corporation)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: D:\AusweisApp\mozilla\AusweisApp_FF3x_Win [2011.01.03 20:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.03 21:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.18 18:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Fennec\Profiles\8vrehq32.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.23 22:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.15 14:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 18:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.23 22:27:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010.02.27 22:33:26 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.03 21:23:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.23 22:26:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.03 21:23:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.03 21:23:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.03 21:23:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.03 21:23:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.03 21:23:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.03 21:23:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.05.22 22:36:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.05.23 22:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.05.23 22:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.05.23 22:27:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.05.23 22:27:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.05.23 22:27:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.05.23 22:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.05.23 22:12:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.23 22:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 22:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.22 23:01:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.22 22:58:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.22 22:19:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.22 22:19:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.22 22:19:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.22 22:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.22 22:19:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.22 22:18:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.22 22:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.22 12:03:29 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.19 22:10:52 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.17 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Local\RapidSolution
[2011.05.16 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.05.13 07:47:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.13 07:47:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.12 21:43:41 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.12 21:43:40 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.12 21:43:40 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.12 21:43:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.12 21:43:38 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.04 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Download Manager
[2011.05.02 21:11:25 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Malwarebytes
[2011.05.02 21:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.02 21:11:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.01 22:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 08:13:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.30 08:13:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.30 08:13:36 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.30 08:13:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.30 08:13:36 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.30 08:13:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.30 08:13:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.30 08:13:30 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.30 08:13:29 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.30 08:13:28 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.30 08:13:28 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.28 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\dvdcss
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
========== Files - Modified Within 30 Days ==========
[2011.05.25 00:02:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.24 20:45:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.24 20:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 22:26:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.05.23 22:26:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.05.23 22:26:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.05.23 22:26:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.05.23 22:15:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 22:15:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 22:12:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 22:08:10 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 23:07:09 | 000,080,384 | ---- | M] () -- C:\Users\ritchies\Desktop\MBRCheck.exe
[2011.05.22 22:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.22 22:08:18 | 004,352,705 | R--- | M] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | M] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.22 12:03:32 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.21 23:56:08 | 000,002,014 | -H-- | M] () -- E:\Dokumente\Default.rdp
[2011.05.21 22:52:07 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.16 22:12:18 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.16 21:40:52 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.05.16 21:40:51 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.16 20:47:03 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 20:47:03 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 20:47:03 | 000,618,912 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2011.05.16 20:47:03 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.16 20:47:03 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.15 19:27:11 | 000,151,080 | ---- | M] () -- E:\Dokumente\cc_20110515_192702.reg [2011.05.15 18:58:41 | 000,000,000 | ---- | M] () -- C:\backup.reg [2011.05.14 16:09:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2011.04.28 21:15:23 | 000,000,142 | ---- | M] () -- C:\Users\ritchies\AppData\Roaming\default.rss [2011.04.28 21:15:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.04.26 19:33:48 | 000,026,702 | ---- | M] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf ========== Files Created - No Company Name ========== [2011.05.23 22:12:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.22 23:07:08 | 000,080,384 | ---- | C] () -- C:\Users\ritchies\Desktop\MBRCheck.exe [2011.05.22 22:19:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.22 22:19:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.22 22:19:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.22 22:19:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.22 22:19:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.22 22:07:46 | 004,352,705 | R--- | C] () -- C:\Users\ritchies\Desktop\ComboFix.exe [2011.05.22 12:04:47 | 000,000,512 | ---- | C] () -- C:\Users\ritchies\Desktop\MBR.dat [2011.05.16 22:12:18 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2011.05.15 19:27:06 | 000,151,080 | ---- | C] () -- E:\Dokumente\cc_20110515_192702.reg [2011.05.15 18:58:41 | 000,000,000 | ---- | C] () -- C:\backup.reg [2011.05.03 21:20:43 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.26 19:33:48 | 000,026,702 | ---- | C] () -- 
C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf [2011.03.05 20:16:55 | 000,000,572 | ---- | C] () -- C:\Windows\wiso.ini [2010.12.10 18:53:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2010.07.25 18:06:48 | 000,007,601 | ---- | C] () -- C:\Users\ritchies\AppData\Local\Resmon.ResmonCfg [2010.06.11 20:20:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll [2010.05.21 18:59:25 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.05.21 18:59:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.05.10 22:04:29 | 000,005,632 | ---- | C] () -- C:\Users\ritchies\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.22 17:48:26 | 000,000,139 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI [2010.03.06 23:11:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.06 23:10:21 | 000,000,142 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\default.rss [2010.03.06 23:10:21 | 000,000,000 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\downloads.m3u [2010.02.28 14:59:20 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.02.28 14:59:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BD6B8941C5.sys [2010.02.28 13:33:42 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.02.27 21:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.10.23 09:23:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.10.23 09:23:48 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.10.23 09:23:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.10.23 09:23:47 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 
000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll [2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll [2008.01.10 10:44:01 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.01.10 10:44:01 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2008.01.10 10:44:01 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2007.10.05 20:29:00 | 000,003,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\EC168Hid.dat [2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll < End of report >
Logfile Securitycheck: [CODE] Results of screen317's Security Check version 0.99.11 Windows 7 (UAC is disabled!) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: ESET Online Scanner v3 Kaspersky Anti-Virus 2011 WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java(TM) 6 Update 25 Adobe Flash Player 10.2.159.1 Adobe Reader X (10.0.1) - Deutsch Mozilla Firefox (x86 de..) ```````````````````````````````` Process Check: objlist.exe by Laurent Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe ``````````End of Log```````````` [/CODE]
Whether advertising still appears sporadically is something I still have to test. It can take one to two days. I will report back. The computer is running - as far as I can currently judge - normally. Good night! Mark |
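The OTL file listings above follow one record format throughout: `[timestamp | size | attribute flags | C or M] (company) -- path`, with `()` when the file carries no company/version information and no parenthesised field at all for directories. Because the forum export ran many records together on single lines, reviewing them by eye is error-prone. The following Python script is an added example written for this page; it is neither OTL's own code nor anything the helper posted. It parses such records (one per line or run together), then applies two triage rules a reviewer would otherwise apply manually: hidden/system attributes on a file outside a small allowlist of files Windows itself keeps that way (the allowlist is an assumption), and executables under the Windows directory that report no company name. The sample records are constructed from entries in the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file-listing record. The path is matched lazily and ends where the next
# record, a "=====" section header, "< End of report >" or the end of line begins,
# so records that extraction ran together on one line still parse.
OTL_RECORD = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)"
    r"(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s+={3,}|\s+< End of report >|\s*$)",
    re.MULTILINE,
)

# Constructed sample, built from records that appear in the log above.
SAMPLE_LOG = r"""========== Files/Folders - Created Within 30 Days ==========
[2011.05.23 22:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.05.22 22:19:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.22 22:19:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
========== Files - Modified Within 30 Days ==========
[2011.05.23 22:08:10 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 22:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
========== Files Created - No Company Name ==========
[2010.02.28 14:59:20 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.28 14:59:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BD6B8941C5.sys
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
< End of report >
"""


@dataclass
class OtlRecord:
    timestamp: datetime
    size: int
    attrs: str               # four flags: R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset
    kind: str                # 'C' = created, 'M' = modified
    company: Optional[str]   # '' when OTL printed "()", None when the field was absent (directories)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_otl_listing(text: str) -> List[OtlRecord]:
    """Parse every file-listing record found in an OTL report fragment."""
    records = []
    for m in OTL_RECORD.finditer(text):
        records.append(OtlRecord(
            timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path").rstrip(),
        ))
    return records


def records_since(records: List[OtlRecord], since_ts: str) -> List[OtlRecord]:
    """Records at or after an OTL-style timestamp, e.g. '2011.05.22 00:00:00'."""
    since = datetime.strptime(since_ts, "%Y.%m.%d %H:%M:%S")
    return [r for r in records if r.timestamp >= since]


EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".ocx")
# Assumption: hidden+system files Windows keeps at the volume root; not suspicious by themselves.
EXPECTED_HIDDEN = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}


def triage(records: List[OtlRecord], windows_dir: str = "C:\\Windows") -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for records a reviewer should look at first."""
    findings = []
    for r in records:
        if r.is_dir:
            continue
        p = r.path.lower()
        if r.hidden_or_system and p not in EXPECTED_HIDDEN:
            findings.append((r.path, "hidden/system attribute on a file outside the expected set"))
        if p.endswith(EXECUTABLE_EXT) and r.company == "" and p.startswith(windows_dir.lower()):
            findings.append((r.path, "executable under the Windows directory with no company name"))
    return findings


if __name__ == "__main__":
    recs = parse_otl_listing(SAMPLE_LOG)
    print(f"{len(recs)} records parsed, {len(records_since(recs, '2011.05.22 00:00:00'))} since 2011.05.22")
    for path, reason in triage(recs):
        print(f"{path}: {reason}")
```

Hits are leads, not verdicts: `C:\Windows\MBR.exe` is flagged because it has no company name, yet the log shows it created in the same second as `SWREG.exe`, `sed.exe` and `grep.exe`, i.e. dropped by ComboFix; correlating timestamps with known tool installs is the second step of the review.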
| | #9 | |
| /// TB-Ausbilder | Firefox - redirection from Google to Ask, "Super Schnäppchen" and co... Hello Mark, Step # 1: Enable User Account Control
Step # 2: Important updates
Step # 3: Answer questions Please answer the following questions:
Step # 4: Your feedback For further analysis I need, together with your next reply
|
| | #10 |
| | Firefox - redirection from Google to Ask, "Super Schnäppchen" and co... Hello! User Account Control is enabled. I have not downloaded IE9 so far, since I don't use IE. I use Firefox exclusively for browsing (currently 4.01). Must/should I install IE9 anyway? As a rule I'm no IE fan... Trojans in Nero?? A good question. I've been using Nero for centuries and never had problems with it. Unwanted advertising hasn't appeared so far. But in my opinion it would still be too early to give the all-clear, I think. Mark |
| | #11 | |||
| /// TB-Ausbilder | Firefox - redirection from Google to Ask, "Super Schnäppchen" and co... Hello Mark, Quote:
Quote:
Usually I end support immediately when I find signs of illegal software. Since we are done with the cleanup (apart from the trojans in Nero), I recommend that you remove the infected files and keep your hands off them in future! Step # 1: Uninstall ComboFix Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes ComboFix completely and empties the System Restore cache, so that the malware disappears from there too. Now re-enable the programs you just disabled. Step # 2: System cleanup with OTL Next we have to remove all the programs that were needed for malware removal:
Step # 3: Uninstall/delete programs
Step # 4: ESET Online Scanner
Step # 5: Enable Windows Update Let's check whether the updates for Windows download automatically. That is the best way to get all the security patches and fixes.
Step # 6: Protection against further infections So that you are protected against similar infections in future, I recommend a few useful programs along with a few tips.
Quote:
Please read: Cracks, keygens and other illegal software Files such as crack.exe, keygen.exe or patch.exe are 99.9% dangerous malware that should not be toyed with. Besides, they are illegal and we do not support the use of stolen software. So support is limited to instructions for reinstalling from scratch. That closes this topic. |
| | #12 |
| | Firefox - redirection from Google to Ask, "Super Schnäppchen" and co... Update: New problem. Firefox works, doesn't work, works, doesn't work... Translated: it finds no web pages (no matter which). :-( |
| | #13 | |
| /// TB-Ausbilder | Firefox - redirection from Google to Ask, "Super Schnäppchen" and co... Hello Mark, it seems that you either didn't read my last post completely or you don't understand me. In one of your logfiles the following was flagged: Quote:
Please read: Cracks, keygens and other illegal software The only help that people in this forum get when there are signs of illegal software is the following: Instructions for reinstalling from scratch |