05.04.2011, 10:43   #1
Successfully registered

Registered since: 05.04.2011
Posts: 24
MS Removal Tool

Hello dear helpers!
I have the same problem as everyone else with this supposed, paid antivirus program "MS Removal Tool". I have already read through the other threads and have also downloaded this HIJACK thingy and scanned my Vista PC. But it was said that you should post this analysis in the forum. So I have now opened a new thread to post my report here.
Regards,
Quarktasche

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:31, on 05.04.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin1.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof2.dll
R3 - URLSearchHook: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin1.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWin1.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof2.dll
O3 - Toolbar: Eazel-DE Toolbar - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaz1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Philip\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe"
O4 - HKCU\..\Run: [Recycle.Bin.exe] C:\Recycle.Bin\Recycle.Bin.exe
O4 - HKCU\..\RunOnce: [kCp31001jKmOl31001] C:\ProgramData\kCp31001jKmOl31001\kCp31001jKmOl31001.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites (file missing)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites (file missing) (HKCU)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12390 bytes
05.04.2011, 10:47   #2
Successfully registered

Registered since: 05.04.2011
Posts: 24

What do I have to do now?
Quarktasche
05.04.2011, 11:17   #3
Malware-Team

Registered since: 30.03.2008
Age: 25
Posts: 8,612

System scan with OTL
Download OTL:
http://oldtimer.geekstogo.com/OTL.exe

Double-click OTL.exe
(users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both
markusg
05.04.2011, 11:37   #4
Successfully registered

Registered since: 05.04.2011
Posts: 24
Extras.Txt

OTL Extras logfile created on: 05.04.2011 11:23:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Philip\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 327,26 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 5,00 Gb Free Space | 25,01% Space Free | Partition Type: FAT32

Computer Name: PHILIPKRAMER-PC | User Name: Philip | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3325191093-4270842610-2651578479-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B19D77-266C-4116-8326-E080DC71949A}" = rport=139 | protocol=6 | dir=out | app=system |
"{0E63F0DC-41B7-478E-BA62-51103AB21B6A}" = rport=5358 | protocol=6 | dir=out | app=system |
"{106933CF-BA83-4CEB-BC6A-CAAA2146AD95}" = rport=137 | protocol=17 | dir=out | app=system |
"{116041AA-9A67-4FD9-8189-1D6E96D9933E}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{16DA6AE4-DBA7-4F58-91FD-C8AACA268B63}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{1BCAF367-B72E-4A55-B05B-737794FA8381}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{20A432D9-21F9-4173-85EF-4060A010B7E7}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher |
"{25A4CA32-8173-4909-A12D-62F5583DC3DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{26961BF9-49F0-4C0E-8BE9-D565A01A9CB4}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{2EFCA7B4-2DB9-4AA2-954C-64BB125AFB12}" = lport=6920 | protocol=17 | dir=in | name=league of legends launcher |
"{35560520-9FC0-40A8-8E3F-2BC66ED7D619}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher |
"{377BE399-235D-4D4B-A8D1-BF558231FCF7}" = lport=6940 | protocol=17 | dir=in | name=league of legends launcher |
"{3B737BA9-6216-4A22-8F30-BD604C74768F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{3F3ECE08-D866-4AD0-858C-4C64EE7D03CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{411C0FD3-5475-42F1-B984-7EE1EB0351B4}" = lport=6881 | protocol=17 | dir=in | name=league of legends launcher |
"{4B05DD1F-BAE6-4BC0-9662-FDD97F169F4B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B93F875-805F-4CAB-9ED5-913986153B65}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{4D713AA6-0C01-4F45-AD55-790E64F3EA53}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{50BA9090-D624-44ED-9A55-BFDEE5B055B9}" = lport=6941 | protocol=17 | dir=in | name=league of legends launcher |
"{73F5FA9B-47D2-484D-8157-FB58202796D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{7BB5EBEC-9D49-4D87-B81A-B441A6743AA8}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{7EC648AF-8776-4681-A414-4DF4B516C251}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher |
"{8452BE1B-F110-4EC0-AC03-65F123AD32AD}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher |
"{8A1732A6-3522-4578-A8B7-208F6457446B}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{8F2DF4FC-FD1C-4C40-8622-BE3D64349693}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{92962189-9CF4-4E1A-828D-5CEAF54C497E}" = lport=138 | protocol=17 | dir=in | app=system |
"{9317E70F-B91F-41BF-9228-25AA224D3914}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A5436E6-589E-4265-B681-29BA912D0762}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{9B4404E0-596E-497B-9C42-5A50E0EC90CE}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{9BD1BE4F-EA1C-48D5-83FD-5B012C1ED070}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC4BFC93-AE8B-420E-82E1-345234CD25C8}" = rport=5357 | protocol=6 | dir=out | app=system |
"{AD49A959-0BA3-4A2D-9454-5B0EB2685180}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{AE507FE9-569C-4063-9902-03EEB8B438F8}" = lport=6881 | protocol=6 | dir=in | name=league of legends launcher |
"{B4EFD3C8-D80A-4910-AD7C-05D775C33437}" = lport=5358 | protocol=6 | dir=in | app=system |
"{B82599ED-5CC5-4C50-BAFD-1B206624EE60}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher |
"{BD018F87-3905-42AB-A64D-1E05523FCF7C}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{BE7B500A-DA9C-4032-975C-B31150469A65}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher |
"{C901F090-AD82-4546-B5A3-7FACC1582659}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CCCE56DF-5638-48FA-A262-7E795C5F8F19}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{DE6C24D0-0C9C-46F0-AAB3-FD85284AD7C9}" = lport=5357 | protocol=6 | dir=in | app=system |
"{DF65B463-7116-485B-8D97-691C5B77FE0F}" = lport=6941 | protocol=6 | dir=in | name=league of legends launcher |
"{E67164C8-BDFD-4765-B259-CFC8B69F380E}" = lport=6940 | protocol=6 | dir=in | name=league of legends launcher |
"{E8BC412E-3012-4C33-8DFA-8B342D237441}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{F8B7179F-5B67-4107-B64C-82C1C558334F}" = lport=6920 | protocol=6 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E32855-3A28-48C5-8012-A336129D76DF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{05DDF5AF-74B6-4056-A677-7DC9E8D78B3D}" = protocol=17 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{0714ED88-CC92-495F-BCCD-652F87BDDA14}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0CCF9662-0CC1-45FC-BF37-CC0262DA8BF1}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{157244AF-5A02-46E0-9104-835D038CCABB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{20028EB4-015E-45BB-9BF4-0FA2400C87E5}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{20AB76BC-7CC1-49C7-A0D5-69FAAE1343E9}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{23141A48-3CA1-44E7-80E9-5BC4993C0C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2510EF99-FA6C-4758-A4B2-C63BE1891785}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2ECC1F39-BDD3-4BE4-AF8C-8AA1150ED908}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{33F25BBE-6496-4814-8F99-AC8B637B5AD5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3929293A-F602-48C8-A13D-2E19B6FC48E6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3AACC6DE-2AD0-46AE-A340-72986CB5C3E6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3F50F7FC-E46B-48EC-A1B7-AD061B6497EB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{53ED6586-3286-4D38-B5EB-7938B1A053B6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{5F729969-C49F-48A4-9793-386678AD269C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{63BC9C61-6472-49EE-88EE-6B4A808D42E5}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{65728557-D3E5-4598-B416-003410611450}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{6DCBD041-7BAF-4A5E-AE8A-932B5008E269}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{700753F8-0BC6-469F-8CAE-6069CDCC0371}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{73C75508-F1BD-4A28-BB67-56C57C79A573}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{7BF2D859-36AA-4EB2-B71E-A471BCEF5539}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{850CBDDC-B319-41D0-828D-5B182D38EBCB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{8DFA4E89-7F30-4D54-A590-FA110F6CA338}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9D595453-CD4A-4CFF-9FFD-136623996ED8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{A96BB2BD-409A-42B9-A526-2B3717225E15}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{AB96C0B5-F16B-4ED8-9553-15BDF6D7CF90}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B5A9E8A1-4646-41C1-919A-CCC1FC15FCEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BB6EA4B7-713A-4D98-9436-EB4777E131B4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BEB8776E-1940-443C-B0CB-5C7603B59201}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C11C453A-494E-439A-A96F-1E23028972CF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{C2131743-A031-42C1-B898-2A96EB3D85B8}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{C6812261-0A3C-43C2-8949-9AE5157D671F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{CAF18FEE-0692-45DA-99A9-716767675983}" = protocol=6 | dir=in | app=c:\program files\league of legends\lol.launcher.exe |
"{CE045C1D-EF86-4148-BC7E-B0C1ACCC73B0}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{DEEC5FB4-7ADA-4394-9F88-38F8CC561F3D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EA0662D1-DFED-449C-82DB-B334F917EB23}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EBD9BCA6-3AC9-440E-8015-2EEA4E6AF4EC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F16DA657-8928-4778-8937-BB90910F5002}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{F3ECBA52-9DCC-47F6-A021-9E923C2C2B01}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{F9E579B8-ED47-41B0-B16D-E485EAD71CCF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FB0CBA55-13A8-40B5-8221-598E452745FE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{FD82A080-CEF6-4DF3-A24B-AB3A0D7B7030}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{1260010E-4090-419C-BD6D-5F2A9F2CB28A}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"TCP Query User{2A64EA99-925D-4D4E-B4A5-35D25B8F19E2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2D6FBB45-C253-473B-B210-8BD60F9FB451}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{A01AC280-CAC1-4217-85CF-C16E7ECF4B0E}C:\users\philip\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=6 | dir=in | app=c:\users\philip\downloads\fogdownloader-rom_2_1_0_1871.exe |
"TCP Query User{A4985A8E-6CB2-4088-AE7E-754444FA223F}C:\users\philip\downloads\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\philip\downloads\loleudownloader.exe |
"TCP Query User{A5A340F3-D946-433D-B5C7-F991A758B0F0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B73187E4-0D74-4365-A8D5-ECDC4201535D}C:\users\philip\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\philip\program files\dna\btdna.exe |
"TCP Query User{D2A97241-963A-4504-ADB4-ABD6FDB8E624}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D60D4156-6BDF-4034-82DD-5BF361B1999C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{DFC9ACC2-ABBA-4FAF-8750-A9FA7F4D7F47}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{FBDC2199-DC04-4360-9B13-801DCF83721D}C:\program files\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 09\fifa09.exe |
"UDP Query User{18D72740-6D7C-4DC2-AD85-1CA4220776C4}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{23E48678-95A8-4193-8095-76AAB8CCBA79}C:\program files\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 09\fifa09.exe |
"UDP Query User{325B1D53-62CF-4D32-BF0E-DF545473864C}C:\users\philip\downloads\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\philip\downloads\loleudownloader.exe |
"UDP Query User{549A508E-DA28-482D-9A03-736770EA6771}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{54EA0800-3FCB-4734-9AD0-6A66EB3DFA66}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{6BF90771-2947-4FF9-B070-60ABBE00483A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{711B3852-6AD6-4AF5-81EA-42C325E1136B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7641DD66-3AAA-421D-8985-51FEA7E8926B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{78415CF4-E302-47C7-8073-B17EF27E4E5F}C:\users\philip\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\philip\program files\dna\btdna.exe |
"UDP Query User{B00AEE8A-3003-4D7B-BA29-A065C3BA00D6}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe |
"UDP Query User{F7CFDE58-5033-405E-BFDE-D41C6D2576A0}C:\users\philip\downloads\fogdownloader-rom_2_1_0_1871.exe" = protocol=17 | dir=in | app=c:\users\philip\downloads\fogdownloader-rom_2_1_0_1871.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"facemoods" = facemoods
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"League of Legends_is1" = League of Legends
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Neffy" = Neffy 1,3,29,0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0
"RealPlayer 6.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3325191093-4270842610-2651578479-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.10.2010 08:31:52 | Computer Name = PhilipKramer-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.10.2010 10:14:25 | Computer Name = PhilipKramer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3909, Zeitstempel
0x4c8fdc07, fehlerhaftes Modul xul.dll, Version 1.9.1.3909, Zeitstempel 0x4c8fdbcb,
Ausnahmecode 0xc0000005, Fehleroffset 0x0006df6a, Prozess-ID 0x15e4, Anwendungsstartzeit
01cb6a1743b153f0.

Error - 12.10.2010 11:14:50 | Computer Name = PhilipKramer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3909, Zeitstempel
0x4c8fdc07, fehlerhaftes Modul xul.dll, Version 1.9.1.3909, Zeitstempel 0x4c8fdbcb,
Ausnahmecode 0xc0000005, Fehleroffset 0x0006df6a, Prozess-ID 0xe34, Anwendungsstartzeit
01cb6a2009dc62d8.

Error - 13.10.2010 09:18:03 | Computer Name = PhilipKramer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.5.0.0, Zeitstempel
0x4a5d2cf8, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6002.18005, Zeitstempel
0x49e03821, Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed, Prozess-ID 0xed8,
Anwendungsstartzeit 01cb6ad8f618d34b.

Error - 13.10.2010 09:18:45 | Computer Name = PhilipKramer-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.10.2010 09:31:48 | Computer Name = PhilipKramer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3909, Zeitstempel
0x4c8fdc07, fehlerhaftes Modul xul.dll, Version 1.9.1.3909, Zeitstempel 0x4c8fdbcb,
Ausnahmecode 0xc0000005, Fehleroffset 0x0006df6a, Prozess-ID 0x1658, Anwendungsstartzeit
01cb6ada3540c0d0.

Error - 13.10.2010 11:16:35 | Computer Name = PhilipKramer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.5.0.0, Zeitstempel
0x4a5d2cf8, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6002.18005, Zeitstempel
0x49e03821, Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed, Prozess-ID 0x894,
Anwendungsstartzeit 01cb6ae99c0160b7.

Error - 13.10.2010 11:17:51 | Computer Name = PhilipKramer-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.10.2010 08:39:21 | Computer Name = PhilipKramer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.5.0.0, Zeitstempel
0x4a5d2cf8, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6002.18005, Zeitstempel
0x49e03821, Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed, Prozess-ID 0x828,
Anwendungsstartzeit 01cb6b9cc4c98b20.

Error - 14.10.2010 08:40:23 | Computer Name = PhilipKramer-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 05.04.2011 04:20:06 | Computer Name = PhilipKramer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 05.04.2011 04:20:06 | Computer Name = PhilipKramer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 05.04.2011 04:20:06 | Computer Name = PhilipKramer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 05.04.2011 04:57:31 | Computer Name = PhilipKramer-PC | Source = DCOM | ID = 10010
Description =

Error - 05.04.2011 05:01:57 | Computer Name = PhilipKramer-PC | Source = DCOM | ID = 10005
Description =

Error - 05.04.2011 05:02:04 | Computer Name = PhilipKramer-PC | Source = DCOM | ID = 10005
Description =

Error - 05.04.2011 05:02:06 | Computer Name = PhilipKramer-PC | Source = DCOM | ID = 10005
Description =

Error - 05.04.2011 05:02:07 | Computer Name = PhilipKramer-PC | Source = DCOM | ID = 10005
Description =

Error - 05.04.2011 05:03:08 | Computer Name = PhilipKramer-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 05.04.2011 05:03:08 | Computer Name = PhilipKramer-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
05.04.2011, 11:39   #5
Successfully registered

Registered since: 05.04.2011
Posts: 24
OTL.txt

The OTL report has more than 6000 characters, so I have to split it into 2 parts!

05.04.2011, 11:40   #6
Successfully registered

Registered since: 05.04.2011
Posts: 24
OTL.Txt Part 1

OTL logfile created on: 05.04.2011 11:23:54 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Philip\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 327,26 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 5,00 Gb Free Space | 25,01% Space Free | Partition Type: FAT32

Computer Name: PHILIPKRAMER-PC | User Name: Philip | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Philip\Desktop\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Philip\Desktop\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FirebirdServerMAGIXInstance) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Eazel-DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.733
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.7.2.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.02.19 14:52:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.14 15:53:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.31 21:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.31 21:37:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 12:18:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 12:18:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.02.05 16:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.12.25 12:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions
[2009.12.25 12:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.03 15:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions
[2010.05.30 17:10:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.23 21:49:34 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.03.25 10:24:33 | 000,000,000 | ---D | M] (Eazel-DE Community Toolbar) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
[2011.03.25 10:24:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.23 21:49:34 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.25 10:24:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\engine@conduit.com
[2011.01.22 14:39:17 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Philip\AppData\Roaming\mozilla\Firefox\Profiles\flcsoqpo.default\extensions\ffxtlbr@Facemoods.com
[2010.09.24 12:20:16 | 000,000,919 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\conduit.xml
[2011.04.03 15:08:08 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-1.xml
[2010.09.14 15:21:45 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-2.xml
[2010.10.08 19:40:02 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-3.xml
[2010.10.30 18:20:33 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-4.xml
[2010.12.19 14:31:48 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-5.xml
[2011.01.22 14:43:24 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-6.xml
[2011.03.24 12:18:31 | 000,000,961 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin-7.xml
[2011.02.20 12:21:20 | 000,000,168 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin.gif
[2011.02.20 12:21:20 | 000,000,618 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin.src
[2010.07.12 22:12:04 | 000,001,069 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\flcsoqpo.default\searchplugins\icqplugin.xml
[2011.03.29 14:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.31 21:37:55 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.31 21:37:55 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.05.30 14:35:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.09.14 15:53:23 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011.04.05 10:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\PHILIP\PROGRAM FILES\DNA
[2010.09.29 19:11:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.29 19:11:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2010.09.29 19:11:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.29 19:12:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.29 19:12:00 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [4StoryPrePatch] C:\Programme\Gameforge4D\4Story\PrePatch.exe (Zamiinc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [Performance Center] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005..\Run: [BitTorrent DNA] C:\Users\Philip\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005..\Run: [Recycle.Bin.exe] File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3325191093-4270842610-2651578479-1005\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Philip\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Philip\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.04.05 11:17:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.05 11:17:15 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.04.05 11:16:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.05 11:02:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.05 11:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.05 11:02:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.05 10:19:28 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.04.05 10:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011.04.05 10:14:28 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Philip\Desktop\HJTInstall.exe
[2011.04.03 15:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\kCp31001jKmOl31001
[2011.03.23 09:33:50 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 09:33:50 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.09 17:40:59 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 17:40:59 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 17:40:58 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 17:40:58 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.06 18:55:45 | 000,000,000 | ---D | C] -- C:\Users\Philip\Documents\HanbitOn
[2011.03.06 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HanbitON
[2011.03.06 18:52:40 | 000,000,000 | ---D | C] -- C:\HanbitOn
[2010.06.21 17:15:51 | 814,143,398 | ---- | C] (GOA ) -- C:\Programme\loleusetup.exe
[2009.12.03 19:44:34 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC531.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.05 11:02:55 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.05 11:01:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.05 11:00:10 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.05 11:00:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 11:00:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 10:56:41 | 000,034,997 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.05 10:56:29 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.05 10:56:22 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.05 10:40:15 | 000,673,596 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.05 10:40:15 | 000,633,790 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.05 10:40:15 | 000,145,650 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.05 10:40:15 | 000,119,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.05 10:30:51 | 000,008,592 | ---- | M] () -- C:\Users\Philip\AppData\Local\d3d9caps.dat
[2011.04.05 10:19:28 | 000,001,878 | ---- | M] () -- C:\Users\Philip\Desktop\HijackThis.lnk
[2011.04.05 10:14:28 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Philip\Desktop\HJTInstall.exe
[2011.04.04 10:36:37 | 000,018,432 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011.04.04 10:27:11 | 000,043,008 | ---- | M] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 14:42:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.25 18:50:15 | 000,000,052 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Default.PLS
[2011.03.16 18:28:24 | 000,000,186 | ---- | M] () -- C:\Users\Philip\Desktop\RECOVER (D) - Verknüpfung.lnk
[2011.03.16 18:13:07 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.05 11:02:55 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.05 10:19:28 | 000,001,878 | ---- | C] () -- C:\Users\Philip\Desktop\HijackThis.lnk
[2011.03.16 18:28:24 | 000,000,186 | ---- | C] () -- C:\Users\Philip\Desktop\RECOVER (D) - Verknüpfung.lnk
[2010.12.16 20:22:07 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2010.11.05 15:54:04 | 000,000,000 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\wklnhst.dat
[2010.09.30 17:46:22 | 000,144,460 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.05.06 19:36:18 | 000,000,052 | ---- | C] () -- C:\Users\Philip\AppData\Roaming\Default.PLS
[2010.01.31 14:25:35 | 000,043,008 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 15:26:07 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.27 15:26:04 | 000,034,997 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.25 12:45:39 | 000,008,592 | ---- | C] () -- C:\Users\Philip\AppData\Local\d3d9caps.dat
[2009.12.25 12:09:41 | 000,000,094 | ---- | C] () -- C:\Users\Philip\AppData\Local\fusioncache.dat
[2009.10.21 17:39:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 17:39:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.04 19:34:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.02.19 16:49:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.02.19 16:49:48 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2008.02.19 16:49:48 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2008.02.19 15:05:59 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.02.19 15:05:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.19 13:39:39 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.02.19 11:28:59 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2008.01.21 09:15:58 | 000,673,596 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,145,650 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,396,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,633,790 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,354 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
Old 05.04.2011, 11:41   #7 (Direct link)
Successfully registered
 
Registered since: 05.04.2011
Posts: 24
Post OTL.Txt Part 2

========== LOP Check ==========

[2009.10.11 11:10:54 | 000,000,000 | -HSD | M] -- C:\Users\florian kramer\AppData\Roaming\.#
[2008.08.02 13:57:35 | 000,000,000 | ---D | M] -- C:\Users\florian kramer\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.06.28 18:56:12 | 000,000,000 | ---D | M] -- C:\Users\florian kramer\AppData\Roaming\ICQ
[2008.10.20 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\florian kramer\AppData\Roaming\Leadertech
[2008.10.14 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\florian kramer\AppData\Roaming\Sony
[2010.10.30 19:51:08 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\BITS
[2009.12.25 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.12.16 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Degener
[2011.04.05 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DNA
[2010.02.01 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\FlashGet
[2010.01.31 14:22:56 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\FOG Downloader
[2010.07.13 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\GetRightToGo
[2011.04.03 11:01:13 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\ICQ
[2010.12.31 21:37:57 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Local
[2010.05.12 18:55:01 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\LolClient
[2009.12.25 16:36:45 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.09.14 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Nokia
[2010.03.12 18:30:54 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\OpenOffice.org
[2010.09.14 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\PC Suite
[2011.03.12 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\SPORE
[2010.11.05 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Template
[2009.12.25 12:58:50 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Thunderbird
[2011.04.05 11:00:32 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.01.11 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Adobe
[2010.01.05 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Apple Computer
[2010.11.20 19:47:18 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Avira
[2010.10.30 19:51:08 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\BITS
[2009.12.25 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.05.06 19:36:19 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\CyberLink
[2010.12.16 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Degener
[2011.02.16 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DivX
[2011.04.05 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\DNA
[2010.02.01 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\FlashGet
[2010.01.31 14:22:56 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\FOG Downloader
[2010.07.13 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\GetRightToGo
[2010.02.04 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Google
[2009.12.25 12:09:00 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\GTek
[2011.04.03 11:01:13 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\ICQ
[2009.12.25 12:08:41 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Identities
[2010.12.31 21:37:57 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Local
[2010.05.12 18:55:01 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\LolClient
[2009.12.25 16:36:45 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009.12.25 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Macromedia
[2010.10.30 12:52:58 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Media Center Programs
[2010.11.28 20:01:18 | 000,000,000 | --SD | M] -- C:\Users\Philip\AppData\Roaming\Microsoft
[2009.12.25 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Mozilla
[2011.02.22 15:55:02 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Nero
[2010.09.14 16:20:21 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Nokia
[2010.03.12 18:30:54 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\OpenOffice.org
[2010.09.14 16:02:23 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\PC Suite
[2009.12.25 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Real
[2009.12.25 16:59:24 | 000,000,000 | RH-D | M] -- C:\Users\Philip\AppData\Roaming\SecuROM
[2011.03.12 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\SPORE
[2010.11.05 15:54:05 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Template
[2009.12.25 12:58:50 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Thunderbird
[2010.09.13 21:15:28 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010.06.21 17:49:15 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Philip\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.09 01:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af1152788 7c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327be fea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\sce cli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\sce cli.dll

< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >






What now? And thanks in advance for the help.
Quarktasche is offline
05.04.2011, 11:43   #8
Malware-Team

Who wrote that you should use Malwarebytes?
Use only the programs I named.
Post the Malwarebytes log; to do so, open Malwarebytes and then the log files.
Do you do online banking, shopping or anything else important on this PC?
markusg is offline
05.04.2011, 11:51   #9
Successfully registered

Some other thread said that you should also use Malwarebytes in addition; I only did that provisionally, but the scan has not finished yet. No, I don't do online banking.
So finish the scan and post the log data?
Quarktasche is offline
05.04.2011, 11:57   #10
Malware-Team

But what other threads say does not necessarily apply to you.
Also, always run one program after the other; if you run the wrong ones together, you will wreck your system.
What about shopping?
Yes, post the logs once it has finished.
markusg is offline
05.04.2011, 12:02   #11
Successfully registered

Sorry.
So, I don't make important purchases on this computer.
Quarktasche is offline
05.04.2011, 12:04   #12
Malware-Team

What does "important purchases" mean... do you shop on it or not?
markusg is offline
05.04.2011, 12:07   #13
Successfully registered

I have made purchases on this PC before, but only at Amazon.de or similar.
Here is the log data:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6273

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

05.04.2011 12:05:08
mbam-log-2011-04-05 (12-05-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 323657
Laufzeit: 34 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kCp31001jKmOl31001 (Trojan.Downloader) -> Value: kCp31001jKmOl31001 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Recycle.Bin.exe (Trojan.SpyEyes) -> Value: Recycle.Bin.exe -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.
Quarktasche is offline
05.04.2011, 12:12   #14
Malware-Team

The log is not complete; infected files is missing.
Do you want to shop with this PC again? Then we have to reinstall it because of the SpyEye trojan. Otherwise you can never make purchases with this device again, since with this malware we can never guarantee 100% that the system will be clean.
markusg is offline
05.04.2011, 12:16   #15
Successfully registered

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6273

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

05.04.2011 12:05:08
mbam-log-2011-04-05 (12-05-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 323657
Laufzeit: 34 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\kCp31001jKmOl31001 (Trojan.Downloader) -> Value: kCp31001jKmOl31001 -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Recycle.Bin.exe (Trojan.SpyEyes) -> Value: Recycle.Bin.exe -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Infizierte Dateien:
c:\programdata\kcp31001jkmol31001\kcp31001jkmol31001.exe (Trojan.Downloader) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.


There is the whole log.
No, I don't need to make any more purchases; I have a second PC from which I can do that.

What do I have to do now?

Edited by Quarktasche (05.04.2011 at 12:35)
Quarktasche is offline
All times are in WEZ +2.

