Solved Keep getting redirected with Google searches

K

Kahlua

Posts: 16   +0
Hi! When I search for something in google and click on the result links, the links are redirected to sites other than what the link is supposed to be. Ah, i use Firefox. Please help me find the problem! thank you!

Here is my hijack this log:

[HJT log removed by Broni]
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi!

Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8321

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

06.12.2011 17:53:43
mbam-log-2011-12-06 (17-53-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 328861
Time elapsed: 1 hour(s), 37 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 18:24:17
Windows 6.0.6002 Service Pack 2
Running: b3enp238.exe; Driver: C:\Users\ADSENR~1\AppData\Local\Temp\awliauob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2E 0x44 0x54 0xE2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0A 0x08 0xCC 0x0E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x01 0x7A 0xAD ...

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB58523$\2538911865 0 bytes
File C:\Windows\$NtUninstallKB58523$\3072545720 0 bytes
File C:\Windows\$NtUninstallKB58523$\3072545720\L 0 bytes
File C:\Windows\$NtUninstallKB58523$\3072545720\U 0 bytes
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes

---- EOF - GMER 1.0.15 ----


DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_29
Run by Adsen River at 18:26:47 on 2011-12-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.1299 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\PAStiSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\drivers\Phibtn.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Users\ADSENR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Adsen River\Downloads\b3enp238.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
mDefault_Page_URL = hxxp://de.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [TrayMin900] c:\windows\system32\drivers\Tray900.exe
mRun: [PhiBtn] c:\windows\system32\drivers\PhiBtn.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D463B63C-754D-4291-8437-01BBACBCD1A3} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\adsen river\appdata\roaming\mozilla\firefox\profiles\0zpgz8au.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_EU&apn_uid=5F162E4A-A13D-4F97-A5C4-485D740D5120&apn_ptnrs=PV&apn_sauid=B2586A47-AAB0-4234-9AE9-0C017DC32573&apn_dtid=&&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\adsen river\appdata\roaming\mozilla\firefox\profiles\0zpgz8au.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\adsen river\appdata\roaming\mozilla\firefox\profiles\0zpgz8au.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\platform\winnt\components\kikin_3_6.dll
FF - component: c:\users\adsen river\appdata\roaming\mozilla\firefox\profiles\0zpgz8au.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\adsen river\appdata\roaming\mozilla\firefox\profiles\0zpgz8au.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\adsen river\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\adsen river\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-18 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-14 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-14 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-14 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-23 44768]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-3-12 75048]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-8-6 707104]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-30 366152]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R3 awliauob;awliauob;c:\users\adsenr~1\appdata\local\temp\awliauob.sys [2011-12-6 100864]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-6 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-30 22216]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-12 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2011-2-19 69120]
S3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2007-4-23 1347584]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-12 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2008-5-27 50560]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 PAC7311;Trust Webcam 14839;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-06 11:23:47 -------- d-----w- c:\program files\Rosetta Stone
2011-12-06 11:23:46 -------- d-----w- c:\programdata\Rosetta Stone
2011-12-05 15:17:53 -------- d-----w- c:\programdata\McAfee Security Scan
2011-12-05 15:17:42 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-03 13:15:30 388096 ----a-r- c:\users\adsen river\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-03 13:15:29 -------- d-----w- c:\program files\Trend Micro
2011-12-03 11:48:56 476904 ----a-w- c:\program files\mozilla firefox\plugins\RENA02A.tmp
2011-12-02 19:17:00 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c58f7491-e443-4cde-8f0b-4cd18cb8e811}\offreg.dll
2011-12-02 19:16:58 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c58f7491-e443-4cde-8f0b-4cd18cb8e811}\mpengine.dll
2011-11-30 19:35:05 -------- d-----w- c:\users\adsen river\appdata\roaming\Malwarebytes
2011-11-30 19:34:51 -------- d-----w- c:\programdata\Malwarebytes
2011-11-30 19:34:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-30 19:34:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-29 11:32:04 90112 ----a-w- c:\windows\unvise32.exe
2011-11-29 11:31:13 -------- d-----w- c:\program files\The Rosetta Stone
2011-11-24 22:11:08 -------- d-----w- c:\users\adsen river\appdata\roaming\Uqasiz
2011-11-14 09:25:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-11-09 01:07:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 01:07:03 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 01:07:00 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-08 23:00:23 -------- d-----w- c:\program files\NORMA RUCK ZUCK FOTOBUCH
2011-11-07 19:01:27 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M ====================
.
2011-12-05 15:18:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-03 11:48:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-12 00:32:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-12 00:32:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:33:33,73 ===============

DDs Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06.08.2009 12:48:05
System Uptime: 30.11.2011 23:00:01 (139 hours ago)
.
Motherboard: Acer | | JV50
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 92,492 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP698: 22.11.2011 17:06:44 - Windows Update
RP699: 25.11.2011 00:02:29 - Windows Update
RP700: 25.11.2011 09:36:20 - Windows Update
RP701: 27.11.2011 20:19:06 - Installed Rosetta Stone Version 3
RP702: 27.11.2011 20:56:20 - Installed Rosetta Stone Version 3
RP703: 27.11.2011 21:02:58 - Installed Rosetta Stone Version 3
RP704: 27.11.2011 21:16:53 - Installed Java(TM) 6 Update 29
RP705: 29.11.2011 10:56:23 - Windows Update
RP706: 30.11.2011 08:46:38 - Geplanter Prüfpunkt
RP707: 01.12.2011 08:49:17 - Geplanter Prüfpunkt
RP708: 02.12.2011 20:16:06 - Windows Update
RP709: 03.12.2011 12:43:16 - Removed Java(TM) 6 Update 29
RP710: 03.12.2011 12:48:09 - Installed Java(TM) 6 Update 29
RP711: 03.12.2011 14:14:51 - Installed HiJackThis
RP712: 06.12.2011 12:23:01 - Installed Rosetta Stone Version 3
.
==== Installed Programs ======================
.
.
Acer Arcade Deluxe
Acer Backup Manager
Acer eRecovery Management
Acer GridVista
Acer PowerSmart Manager
Acer Product Registration
Acer ScreenSaver
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.6 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems HDA Modem
ALPS Touch Pad Driver
Ask Toolbar
avast! Free Antivirus
Backup Manager Basic
Broadcom Gigabit NetLink Controller
Canon iP3600 series Benutzerregistrierung
Canon iP3600 series Printer Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Choice Guard
Compatibility Pack für 2007 Office System
concept/design onlineTV 5
Connect
Corel PaintShop Photo Pro X3
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
Google Earth Plug-in
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICA
Inkjet Printer/Scanner Extended Survey Program
Intel(R) Graphics Media Accelerator Driver
IPM_PSP_CL
IPM_PSP_COM
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
JDownloader
Junk Mail filter update
kuler
Launch Manager
LG PC Suite II
LG USB Modem driver
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewFreeScreensaver nfsSaintValentine05
Nokia Connectivity Cable Driver
NORMA RUCK ZUCK FOTOBUCH
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA PhysX
Octoshape Streaming Services
OGA Notifier 2.0.0048.0
PDF Settings CS4
Philips SPC 900NC PC Camera
Philips VLounge
Photoshop Camera Raw
Prince of Persia T2T
PSPPRO_DCRAW
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rosetta Stone Version 3
Samsung Master
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Skype Click to Call
Skype™ 5.5
SopCast 3.2.4
Suite Shared Configuration CS4
The Rosetta Stone
TVUPlayer 2.5.3.1
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.1
Winamp
Winamp Erkennungs-Plug-in
Winamp Toolbar
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
WinRAR
XPwinExit Edition 6
Xvid Video Codec
Yahoo! Toolbar
.
==== End Of File ===========================

Thank you!
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by Adsen River at 2011-12-09 13:13:20
Running from C:\Users\Adsen River\Desktop
Service Pack 2 (X86) OS Language: German Standard
Attention: Could not load system hive.FEHLER: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-09 13:13 - 2011-12-09 13:13 - 0000000 ____D C:\FRST
2011-12-09 13:12 - 2011-12-09 13:12 - 0858348 ____A C:\Users\Adsen River\Desktop\FRST.exe
2011-12-08 20:56 - 2011-12-08 20:56 - 1874076 ____A C:\Users\Adsen River\Downloads\VICSammelkarte.pdf
2011-12-08 15:07 - 2011-12-08 15:28 - 0050979 ____A C:\Users\Adsen River\Desktop\bootkit_remover_debug_log.txt
2011-12-07 21:53 - 2011-12-09 13:06 - 3146584064 __ASH C:\hiberfil.sys
2011-12-07 20:29 - 2011-12-07 20:30 - 4331784 ____A (Swearware) C:\Users\Adsen River\Desktop\ComboFix.exe
2011-12-07 17:42 - 2011-12-07 17:45 - 1916416 ____A (AVAST Software) C:\Users\Adsen River\Desktop\aswMBR.exe
2011-12-06 15:57 - 2011-12-06 15:57 - 0607260 ____R (Swearware) C:\Users\Adsen River\Desktop\dds.scr
2011-12-06 15:38 - 2011-12-06 18:24 - 0008023 ____A C:\Users\Adsen River\Documents\gmer.log
2011-12-06 14:13 - 2011-12-06 14:13 - 0302592 ____A C:\Users\Adsen River\Downloads\b3enp238.exe
2011-12-06 12:23 - 2011-12-06 12:28 - 0000000 ____D C:\Users\All Users\Rosetta Stone
2011-12-06 12:23 - 2011-12-06 12:28 - 0000000 ____D C:\ProgramData\Rosetta Stone
2011-12-06 12:23 - 2011-12-06 12:23 - 0000000 ____D C:\Program Files\Rosetta Stone
2011-12-06 12:21 - 2011-12-06 12:21 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta Stone 3.4.7
2011-12-06 12:20 - 2011-12-06 12:20 - 0030915 ____A C:\Users\Adsen River\Downloads\Konto_240580506-Auszug_2011_026_pdf.pdf
2011-12-06 12:14 - 2011-12-06 12:19 - 124342397 ____A C:\Users\Adsen River\Downloads\Rosetta Stone 3.4.7.rar
2011-12-06 09:07 - 2011-12-06 09:07 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.5
2011-12-06 09:06 - 2011-12-06 09:06 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.4
2011-12-06 09:05 - 2011-12-06 09:05 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.3
2011-12-06 09:00 - 2011-12-06 09:00 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.2
2011-12-06 08:58 - 2011-12-06 08:58 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.1
2011-12-05 23:50 - 2011-12-06 00:10 - 445789714 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.5.rar
2011-12-05 23:06 - 2011-12-05 23:27 - 396152172 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.4.rar
2011-12-05 22:02 - 2011-12-05 22:40 - 412170978 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.3.rar
2011-12-05 20:50 - 2011-12-05 21:26 - 398017455 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.2.rar
2011-12-05 19:38 - 2011-12-05 20:02 - 426041507 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.1.rar
2011-12-03 14:15 - 2011-12-05 18:54 - 0002535 ____A C:\Users\Adsen River\Desktop\HiJackThis.lnk
2011-12-03 14:15 - 2011-12-03 14:15 - 0000000 ____D C:\Program Files\Trend Micro
2011-12-03 14:14 - 2011-12-03 14:14 - 1402880 ____A C:\Users\Adsen River\Desktop\HiJackThis-2-04.msi
2011-12-03 14:13 - 2011-12-03 14:13 - 0319568 ____A (Softonic) C:\Users\Adsen River\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2011-12-03 12:48 - 2011-12-03 12:48 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-12-03 12:48 - 2011-12-03 12:48 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-12-03 12:48 - 2011-12-03 12:48 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-12-03 12:47 - 2011-12-03 12:47 - 0910624 ____A (Sun Microsystems, Inc.) C:\Users\Adsen River\Downloads\jxpiinstall.exe
2011-11-30 20:35 - 2011-11-30 20:35 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Malwarebytes
2011-11-30 20:34 - 2011-11-30 20:34 - 0000910 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-30 20:34 - 2011-11-30 20:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-30 20:34 - 2011-11-30 20:34 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-30 20:34 - 2011-11-30 20:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-11-30 20:34 - 2011-08-31 17:00 - 0022216 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-11-30 20:30 - 2011-11-30 20:31 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Adsen River\Downloads\mbam-setup-1.51.2.1300.exe
2011-11-29 12:32 - 2004-03-29 16:23 - 0090112 ____A (MindVision Software) C:\Windows\unvise32.exe
2011-11-29 12:31 - 2011-11-29 12:31 - 0001996 ____A C:\Users\Adsen River\Desktop\The Rosetta Stone.lnk
2011-11-29 12:31 - 2011-11-29 12:31 - 0000000 ____D C:\Program Files\The Rosetta Stone
2011-11-28 17:28 - 2011-11-28 17:28 - 1261774 ____A C:\Users\Adsen River\Downloads\A4_grat.pdf
2011-11-27 21:22 - 2011-11-27 21:22 - 0000000 ____D C:\Program Files\Common Files\Java
2011-11-27 21:18 - 2011-11-27 21:21 - 0003177 ____A C:\Windows\System32\jupdate-1.6.0_29-b11.log
2011-11-27 20:16 - 2011-12-08 19:59 - 0000000 ____D C:\Users\Adsen River\Downloads\Vânia
2011-11-25 21:08 - 2011-11-25 21:08 - 0291942 ____A C:\Users\Adsen River\Documents\Bundespolizei_Trojaner_in_10_Schritten_sicher_entfernen.pdf
2011-11-25 09:19 - 2011-11-25 09:19 - 0001844 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2011-11-24 23:41 - 2011-11-24 23:41 - 0000000 ____A C:\Users\Adsen River\AppData\Local\{CFC09021-3A6A-4906-BB28-237F393E8DB4}
2011-11-24 23:11 - 2011-11-24 23:15 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Uqasiz
2011-11-17 12:46 - 2011-11-17 12:46 - 1025632 ____A C:\Users\Adsen River\Documents\formybaby.docx
2011-11-17 11:09 - 2011-11-17 11:09 - 0028715 ____A C:\Users\Adsen River\Documents\Konto_240580506-Auszug_2011_025_pdf.pdf
2011-11-14 10:25 - 2011-11-14 10:25 - 0002560 ____A C:\Windows\_MSRSTRT.EXE
2011-11-14 10:07 - 2011-11-14 10:09 - 0007599 ____A C:\Users\Adsen River\Documents\Uninstall Dragon Age Origins.log
2011-11-09 02:07 - 2011-09-20 22:02 - 0905088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-11-09 00:00 - 2011-11-09 00:00 - 0000000 ____D C:\Program Files\NORMA RUCK ZUCK FOTOBUCH

============ 3 Months Modified Files and Folders ===============

2011-12-09 13:13 - 2011-12-09 13:13 - 0000000 ____D C:\FRST
2011-12-09 13:12 - 2011-12-09 13:12 - 0858348 ____A C:\Users\Adsen River\Desktop\FRST.exe
2011-12-09 13:11 - 2006-11-02 13:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-09 13:11 - 2006-11-02 13:47 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-09 13:06 - 2011-12-07 21:53 - 3146584064 __ASH C:\hiberfil.sys
2011-12-09 13:06 - 2011-04-12 08:55 - 0001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-12-09 13:06 - 2006-11-02 14:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-09 12:16 - 2009-08-06 11:43 - 1143772 ____A C:\Windows\WindowsUpdate.log
2011-12-09 12:16 - 2006-11-02 14:01 - 0032510 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-09 11:23 - 2011-04-12 08:55 - 0001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-12-09 09:16 - 2011-09-20 20:49 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\SoftGrid Client
2011-12-09 08:14 - 2006-11-02 11:33 - 1446822 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-09 08:13 - 2006-11-02 13:52 - 0200609 ____A C:\Windows\setupact.log
2011-12-08 20:56 - 2011-12-08 20:56 - 1874076 ____A C:\Users\Adsen River\Downloads\VICSammelkarte.pdf
2011-12-08 19:59 - 2011-11-27 20:16 - 0000000 ____D C:\Users\Adsen River\Downloads\Vânia
2011-12-08 15:28 - 2011-12-08 15:07 - 0050979 ____A C:\Users\Adsen River\Desktop\bootkit_remover_debug_log.txt
2011-12-08 15:06 - 2011-09-21 18:11 - 0003641 ____A C:\Users\Adsen River\Desktop\readme_ru.txt
2011-12-08 15:06 - 2011-09-21 18:11 - 0003114 ____A C:\Users\Adsen River\Desktop\readme_en.txt
2011-12-08 15:06 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\Adsen River\Desktop\boot_cleaner.exe
2011-12-07 21:51 - 2011-09-25 22:11 - 0169860 ____A C:\Windows\ntbtlog.txt
2011-12-07 21:28 - 2010-12-25 17:19 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2011-12-07 21:28 - 2010-12-25 17:19 - 0000000 ____D C:\ProgramData\CanonIJPLM
2011-12-07 20:30 - 2011-12-07 20:29 - 4331784 ____A (Swearware) C:\Users\Adsen River\Desktop\ComboFix.exe
2011-12-07 17:45 - 2011-12-07 17:42 - 1916416 ____A (AVAST Software) C:\Users\Adsen River\Desktop\aswMBR.exe
2011-12-07 15:50 - 2008-01-21 03:47 - 0815216 ____A C:\Windows\PFRO.log
2011-12-07 15:46 - 2006-11-02 11:23 - 0002577 ____A C:\Windows\System32\config.nt
2011-12-07 09:47 - 2009-10-05 15:43 - 0004600 ____A C:\Users\Adsen River\AppData\Roaming\wklnhst.dat
2011-12-06 18:24 - 2011-12-06 15:38 - 0008023 ____A C:\Users\Adsen River\Documents\gmer.log
2011-12-06 15:57 - 2011-12-06 15:57 - 0607260 ____R (Swearware) C:\Users\Adsen River\Desktop\dds.scr
2011-12-06 14:20 - 2009-09-14 18:44 - 0000000 ____D C:\Users\Adsen River\Desktop\Programme
2011-12-06 14:17 - 2010-03-04 15:03 - 0000000 ____D C:\Users\All Users\Symantec
2011-12-06 14:17 - 2010-03-04 15:03 - 0000000 ____D C:\Users\All Users\Norton
2011-12-06 14:17 - 2010-03-04 15:03 - 0000000 ____D C:\ProgramData\Symantec
2011-12-06 14:17 - 2010-03-04 15:03 - 0000000 ____D C:\ProgramData\Norton
2011-12-06 14:13 - 2011-12-06 14:13 - 0302592 ____A C:\Users\Adsen River\Downloads\b3enp238.exe
2011-12-06 12:28 - 2011-12-06 12:23 - 0000000 ____D C:\Users\All Users\Rosetta Stone
2011-12-06 12:28 - 2011-12-06 12:23 - 0000000 ____D C:\ProgramData\Rosetta Stone
2011-12-06 12:23 - 2011-12-06 12:23 - 0000000 ____D C:\Program Files\Rosetta Stone
2011-12-06 12:21 - 2011-12-06 12:21 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta Stone 3.4.7
2011-12-06 12:20 - 2011-12-06 12:20 - 0030915 ____A C:\Users\Adsen River\Downloads\Konto_240580506-Auszug_2011_026_pdf.pdf
2011-12-06 12:19 - 2011-12-06 12:14 - 124342397 ____A C:\Users\Adsen River\Downloads\Rosetta Stone 3.4.7.rar
2011-12-06 09:07 - 2011-12-06 09:07 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.5
2011-12-06 09:06 - 2011-12-06 09:06 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.4
2011-12-06 09:05 - 2011-12-06 09:05 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.3
2011-12-06 09:00 - 2011-12-06 09:00 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.2
2011-12-06 08:58 - 2011-12-06 08:58 - 0000000 ____D C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.1
2011-12-06 00:10 - 2011-12-05 23:50 - 445789714 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.5.rar
2011-12-05 23:27 - 2011-12-05 23:06 - 396152172 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.4.rar
2011-12-05 22:40 - 2011-12-05 22:02 - 412170978 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.3.rar
2011-12-05 21:26 - 2011-12-05 20:50 - 398017455 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.2.rar
2011-12-05 20:02 - 2011-12-05 19:38 - 426041507 ____A C:\Users\Adsen River\Downloads\Rosetta.Stone.German.V3.Level.1.rar
2011-12-05 18:54 - 2011-12-03 14:15 - 0002535 ____A C:\Users\Adsen River\Desktop\HiJackThis.lnk
2011-12-05 16:18 - 2011-07-22 19:52 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-12-05 16:17 - 2009-03-12 03:46 - 0000000 ____D C:\Users\All Users\McAfee
2011-12-05 16:17 - 2009-03-12 03:46 - 0000000 ____D C:\ProgramData\McAfee
2011-12-03 14:15 - 2011-12-03 14:15 - 0000000 ____D C:\Program Files\Trend Micro
2011-12-03 14:14 - 2011-12-03 14:14 - 1402880 ____A C:\Users\Adsen River\Desktop\HiJackThis-2-04.msi
2011-12-03 14:13 - 2011-12-03 14:13 - 0319568 ____A (Softonic) C:\Users\Adsen River\Downloads\SoftonicDownloader_fuer_hijackthis.exe
2011-12-03 12:48 - 2011-12-03 12:48 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-12-03 12:48 - 2011-12-03 12:48 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-12-03 12:48 - 2011-12-03 12:48 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-12-03 12:48 - 2010-11-25 14:08 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2011-12-03 12:47 - 2011-12-03 12:47 - 0910624 ____A (Sun Microsystems, Inc.) C:\Users\Adsen River\Downloads\jxpiinstall.exe
2011-11-30 22:58 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\Speech
2011-11-30 20:35 - 2011-11-30 20:35 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Malwarebytes
2011-11-30 20:34 - 2011-11-30 20:34 - 0000910 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-11-30 20:34 - 2011-11-30 20:34 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-11-30 20:34 - 2011-11-30 20:34 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-11-30 20:34 - 2011-11-30 20:34 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-11-30 20:31 - 2011-11-30 20:30 - 9852544 ____A (Malwarebytes Corporation ) C:\Users\Adsen River\Downloads\mbam-setup-1.51.2.1300.exe
2011-11-30 11:11 - 2010-03-07 18:51 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-11-29 12:31 - 2011-11-29 12:31 - 0001996 ____A C:\Users\Adsen River\Desktop\The Rosetta Stone.lnk
2011-11-29 12:31 - 2011-11-29 12:31 - 0000000 ____D C:\Program Files\The Rosetta Stone
2011-11-28 19:01 - 2010-11-23 12:34 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2011-11-28 19:01 - 2009-09-14 11:32 - 0199816 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2011-11-28 18:53 - 2011-04-18 15:51 - 0435032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2011-11-28 18:53 - 2009-09-14 11:33 - 0314456 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2011-11-28 18:52 - 2009-09-14 11:33 - 0052952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2011-11-28 18:52 - 2009-09-14 11:33 - 0034392 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2011-11-28 18:52 - 2009-09-14 11:32 - 0055128 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2011-11-28 18:51 - 2009-09-14 11:33 - 0020568 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2011-11-28 17:28 - 2011-11-28 17:28 - 1261774 ____A C:\Users\Adsen River\Downloads\A4_grat.pdf
2011-11-27 21:22 - 2011-11-27 21:22 - 0000000 ____D C:\Program Files\Common Files\Java
2011-11-27 21:21 - 2011-11-27 21:18 - 0003177 ____A C:\Windows\System32\jupdate-1.6.0_29-b11.log
2011-11-27 21:21 - 2009-09-14 15:29 - 0000000 ____D C:\Program Files\Java
2011-11-27 20:16 - 2010-05-14 08:06 - 0000000 ____D C:\Users\Adsen River\Downloads\Anwendungen
2011-11-26 00:39 - 2009-09-11 18:21 - 0000000 ____D C:\Users\Adsen River\AppData\LocalLow
2011-11-25 21:08 - 2011-11-25 21:08 - 0291942 ____A C:\Users\Adsen River\Documents\Bundespolizei_Trojaner_in_10_Schritten_sicher_entfernen.pdf
2011-11-25 10:29 - 2009-09-14 11:53 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Skype
2011-11-25 09:47 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\System32\config\TxR
2011-11-25 09:27 - 2009-09-11 18:21 - 0000000 ____D C:\Program Files\Google
2011-11-25 09:19 - 2011-11-25 09:19 - 0001844 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2011-11-25 09:15 - 2009-09-11 18:21 - 0000000 ____D C:\users\Adsen River
2011-11-25 09:12 - 2011-03-14 12:37 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-11-25 09:12 - 2011-03-14 12:37 - 0000000 ____D C:\ProgramData\FLEXnet
2011-11-25 09:12 - 2009-09-14 18:42 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\IrfanView
2011-11-25 09:12 - 2009-09-14 12:28 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Winamp
2011-11-25 09:12 - 2009-09-11 18:22 - 0000000 ____D C:\Users\Public\Documents\Acer
2011-11-25 09:12 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\System32\spool
2011-11-25 09:12 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\System32\Msdtc
2011-11-25 09:12 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\registration
2011-11-25 09:12 - 2006-11-02 11:22 - 40370176 ____A C:\Windows\System32\config\software_previous
2011-11-25 09:12 - 2006-11-02 11:22 - 39059456 ____A C:\Windows\System32\config\components_previous
2011-11-25 09:12 - 2006-11-02 11:22 - 35651584 ____A C:\Windows\System32\config\system_previous
2011-11-25 09:12 - 2006-11-02 11:22 - 0262144 ____A C:\Windows\System32\config\security_previous
2011-11-25 09:12 - 2006-11-02 11:22 - 0262144 ____A C:\Windows\System32\config\sam_previous
2011-11-25 09:12 - 2006-11-02 11:22 - 0262144 ____A C:\Windows\System32\config\default_previous
2011-11-24 23:43 - 2011-09-25 22:02 - 0000000 ____D C:\Windows\Minidump
2011-11-24 23:41 - 2011-11-24 23:41 - 0000000 ____A C:\Users\Adsen River\AppData\Local\{CFC09021-3A6A-4906-BB28-237F393E8DB4}
2011-11-24 23:15 - 2011-11-24 23:11 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Uqasiz
2011-11-17 12:46 - 2011-11-17 12:46 - 1025632 ____A C:\Users\Adsen River\Documents\formybaby.docx
2011-11-17 11:09 - 2011-11-17 11:09 - 0028715 ____A C:\Users\Adsen River\Documents\Konto_240580506-Auszug_2011_025_pdf.pdf
2011-11-14 10:26 - 2009-09-30 13:52 - 0000000 ____D C:\Program Files\OXXOGames
2011-11-14 10:25 - 2011-11-14 10:25 - 0002560 ____A C:\Windows\_MSRSTRT.EXE
2011-11-14 10:23 - 2009-02-11 21:16 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-11-14 10:22 - 2009-03-12 04:28 - 0000000 ____D C:\Program Files\Cyberlink
2011-11-14 10:22 - 2009-03-12 04:26 - 0000000 ____D C:\Users\All Users\CyberLink
2011-11-14 10:22 - 2009-03-12 04:26 - 0000000 ____D C:\ProgramData\CyberLink
2011-11-14 10:18 - 2009-09-14 12:28 - 0000000 ____D C:\Program Files\Winamp
2011-11-14 10:17 - 2009-09-14 11:42 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-11-14 10:11 - 2009-09-30 13:52 - 0000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2011-11-14 10:09 - 2011-11-14 10:07 - 0007599 ____A C:\Users\Adsen River\Documents\Uninstall Dragon Age Origins.log
2011-11-14 10:09 - 2009-09-11 18:21 - 0000000 ____D C:\Users\Adsen River\AppData\Local\Google
2011-11-14 10:08 - 2010-01-27 19:26 - 0000000 ____D C:\Users\All Users\BioWare
2011-11-14 10:08 - 2010-01-27 19:26 - 0000000 ____D C:\ProgramData\BioWare
2011-11-14 10:08 - 2009-12-13 20:49 - 0000000 ____D C:\Users\All Users\Media Center Programs
2011-11-14 10:08 - 2009-12-13 20:49 - 0000000 ____D C:\ProgramData\Media Center Programs
2011-11-14 10:03 - 2009-08-06 12:06 - 0000000 ____D C:\Program Files\eSobi
2011-11-14 10:01 - 2009-10-02 22:00 - 0000000 ____D C:\Windows\System32\SupportAppCB
2011-11-14 10:00 - 2009-10-02 22:00 - 0028502 ____A C:\Windows\ZTEInstallInfo.log
2011-11-14 09:59 - 2009-10-14 15:11 - 0000000 ____D C:\Magic
2011-11-14 09:56 - 2009-11-02 22:21 - 0000000 ____D C:\Program Files\UBISOFT
2011-11-14 09:53 - 2010-03-06 21:22 - 0000000 ____D C:\Program Files\Common Files\Real
2011-11-14 09:52 - 2010-03-06 21:22 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\Real
2011-11-14 09:52 - 2010-03-06 21:22 - 0000000 ____D C:\Program Files\Real
2011-11-14 09:49 - 2011-03-28 17:50 - 0000000 ____D C:\Users\Adsen River\Documents\bitComposer Games
2011-11-14 09:48 - 2010-02-25 18:42 - 0000000 ____D C:\Program Files\Zattoo4
2011-11-12 01:32 - 2009-01-21 00:41 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2011-11-12 01:32 - 2009-01-21 00:41 - 0348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2011-11-11 13:23 - 2009-09-18 00:06 - 0199168 ____A C:\Users\Adsen River\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-11 11:41 - 2011-09-20 23:02 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-11-11 11:41 - 2011-09-20 23:02 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-11-09 03:03 - 2006-11-02 11:24 - 50295240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-11-09 03:01 - 2006-11-02 12:18 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 00:00 - 2011-11-09 00:00 - 0000000 ____D C:\Program Files\NORMA RUCK ZUCK FOTOBUCH
2011-11-08 14:32 - 2011-11-08 14:32 - 0386787 ____A C:\Users\Adsen River\Documents\orientierungskurs-lernkarten.pdf
2011-11-07 21:57 - 2011-11-07 21:57 - 0076718 ____A C:\Users\Adsen River\Documents\bestaetigung.pdf
2011-11-07 17:02 - 2010-05-05 18:04 - 0000000 ____D C:\Users\All Users\DivX
2011-11-07 17:02 - 2010-05-05 18:04 - 0000000 ____D C:\ProgramData\DivX
2011-11-07 17:02 - 2009-09-14 12:30 - 0000000 ____D C:\Program Files\DivX
2011-11-06 18:12 - 2011-06-30 08:21 - 0000000 ____D C:\Users\All Users\boost_interprocess
2011-11-06 18:12 - 2011-06-30 08:21 - 0000000 ____D C:\ProgramData\boost_interprocess
2011-10-27 20:31 - 2009-09-14 11:48 - 0000000 ___RD C:\Program Files\Skype
2011-10-24 14:05 - 2010-03-06 20:59 - 0000000 ____D C:\Program Files\Ask.com
2011-10-24 11:29 - 2011-06-01 13:21 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\vlc
2011-10-13 02:49 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\rescache
2011-10-13 02:44 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\Microsoft.NET
2011-10-13 02:33 - 2006-11-02 13:47 - 2222424 ____A C:\Windows\System32\FNTCACHE.DAT
2011-10-13 02:29 - 2006-11-02 12:18 - 0000000 ____D C:\Windows\System32\de-DE
2011-10-09 11:07 - 2011-10-09 11:07 - 0000000 ____D C:\Users\Adsen River\Downloads\Plakart
2011-10-03 19:48 - 2010-05-15 16:37 - 0000000 ____D C:\Users\Adsen River\Downloads\Movies
2011-10-01 00:06 - 2011-10-12 20:16 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-10-01 00:06 - 2011-10-12 20:16 - 0916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-10-01 00:06 - 2011-10-12 20:16 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-10-01 00:04 - 2011-10-12 20:16 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-10-01 00:03 - 2011-10-12 20:16 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-10-01 00:02 - 2011-10-12 20:16 - 5971456 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-10-01 00:02 - 2011-10-12 20:16 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-10-01 00:02 - 2011-10-12 20:16 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-10-01 00:02 - 2011-10-12 20:16 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-10-01 00:02 - 2011-10-12 20:16 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-10-01 00:01 - 2011-10-12 20:16 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-10-01 00:01 - 2011-10-12 20:16 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-09-30 23:07 - 2011-10-12 20:16 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-09-30 22:29 - 2011-10-12 20:16 - 0174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-09-30 22:29 - 2011-10-12 20:16 - 0133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-09-30 22:29 - 2011-10-12 20:16 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-09-30 22:28 - 2011-10-12 20:16 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-09-30 17:55 - 2011-09-07 11:09 - 0000000 ____D C:\Users\Adsen River\Documents\bewerbungen etc
2011-09-29 15:09 - 2009-09-14 11:42 - 0000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2011-09-27 07:52 - 2010-11-12 22:28 - 0000000 ____D C:\Users\Adsen River\Downloads\Series
2011-09-26 21:51 - 2011-09-26 21:51 - 0141808 ____A C:\Windows\Minidump\Mini092611-02.dmp
2011-09-26 21:51 - 2011-09-25 22:02 - 201202932 ____A C:\Windows\MEMORY.DMP
2011-09-26 21:50 - 2011-09-26 21:50 - 0141808 ____A C:\Windows\Minidump\Mini092611-01.dmp
2011-09-25 22:17 - 2011-09-01 17:17 - 0002377 ____A C:\Users\Public\Desktop\Skype.lnk
2011-09-25 22:17 - 2009-09-14 14:52 - 0001356 ____A C:\Users\Adsen River\AppData\Local\d3d9caps.dat
2011-09-25 22:11 - 2011-09-25 22:11 - 0141808 ____A C:\Windows\Minidump\Mini092511-05.dmp
2011-09-25 22:09 - 2011-09-25 22:09 - 0141808 ____A C:\Windows\Minidump\Mini092511-04.dmp
2011-09-25 22:08 - 2011-09-25 22:08 - 0141808 ____A C:\Windows\Minidump\Mini092511-03.dmp
2011-09-25 22:03 - 2011-09-25 22:03 - 0141808 ____A C:\Windows\Minidump\Mini092511-02.dmp
2011-09-25 22:02 - 2011-09-25 22:02 - 0141808 ____A C:\Windows\Minidump\Mini092511-01.dmp
2011-09-23 14:57 - 2011-09-23 12:37 - 0436906 ____A C:\Users\Adsen River\Documents\cats.docx
2011-09-23 08:49 - 2011-09-23 08:49 - 0000000 ____D C:\Users\Adsen River\AppData\Local\Unity
2011-09-22 02:03 - 2011-09-20 20:47 - 0000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2011-09-20 22:02 - 2011-11-09 02:07 - 0905088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-20 20:56 - 2011-09-20 20:56 - 0000000 __RHD C:\MSOCache
2011-09-20 20:49 - 2011-09-20 20:49 - 0000000 ____D C:\Users\Adsen River\AppData\Local\SoftGrid Client
2011-09-20 20:49 - 2011-09-20 20:46 - 0000000 ____D C:\Users\Adsen River\AppData\Roaming\TP
2011-09-20 20:47 - 2011-09-20 20:47 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2011-09-20 20:47 - 2009-03-12 04:11 - 0000000 ____D C:\Program Files\Microsoft Office
2011-09-20 20:47 - 2006-11-02 12:18 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-09-12 20:28 - 2011-09-12 20:28 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ccdcmb_01005.Wdf
2011-09-12 17:30 - 2011-09-09 16:34 - 0012288 ____A C:\Users\Adsen River\Documents\lebenslaufVânia.wps

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 49%
Total physical RAM: 3000.09 MB
Available physical RAM: 1508.86 MB
Total Pagefile: 6206.43 MB
Available Pagefile: 4471.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.63 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:223.12 GB) (Free:98.71 GB) NTFS ==>[System = boot components]
3 Drive f: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT

Datentr ### Status GrӇe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 233 GB 0 B
1 Online 975 MB 0 B

Datentr„gerpartitionierung wird beendet...


==========================================================

Last Boot: 2011-12-09 13:12

======================= End Of Log ==========================
 
That looks normal.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
21:47:26.0759 4348 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:47:27.0064 4348 ============================================================
21:47:27.0065 4348 Current date / time: 2011/12/10 21:47:27.0064
21:47:27.0065 4348 SystemInfo:
21:47:27.0065 4348
21:47:27.0065 4348 OS Version: 6.0.6002 ServicePack: 2.0
21:47:27.0065 4348 Product type: Workstation
21:47:27.0065 4348 ComputerName: ADSENRIVER-PC
21:47:27.0065 4348 UserName: Adsen River
21:47:27.0065 4348 Windows directory: C:\Windows
21:47:27.0065 4348 System windows directory: C:\Windows
21:47:27.0065 4348 Processor architecture: Intel x86
21:47:27.0065 4348 Number of processors: 2
21:47:27.0065 4348 Page size: 0x1000
21:47:27.0065 4348 Boot type: Normal boot
21:47:27.0065 4348 ============================================================
21:47:27.0667 4348 Initialize success
21:47:56.0893 3848 ============================================================
21:47:56.0893 3848 Scan started
21:47:56.0893 3848 Mode: Manual;
21:47:56.0893 3848 ============================================================
21:47:58.0063 3848 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:47:58.0063 3848 ACPI - ok
21:47:58.0407 3848 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:47:58.0407 3848 adp94xx - ok
21:47:58.0594 3848 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:47:58.0609 3848 adpahci - ok
21:47:58.0999 3848 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:47:59.0031 3848 adpu160m - ok
21:47:59.0109 3848 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:47:59.0109 3848 adpu320 - ok
21:47:59.0343 3848 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:47:59.0343 3848 AFD - ok
21:48:00.0091 3848 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
21:48:00.0123 3848 AgereSoftModem - ok
21:48:00.0606 3848 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:48:00.0622 3848 agp440 - ok
21:48:00.0778 3848 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:48:00.0793 3848 aic78xx - ok
21:48:00.0856 3848 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:48:00.0887 3848 aliide - ok
21:48:00.0965 3848 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:48:00.0965 3848 amdagp - ok
21:48:00.0996 3848 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:48:00.0996 3848 amdide - ok
21:48:01.0137 3848 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:48:01.0137 3848 AmdK7 - ok
21:48:01.0261 3848 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:48:01.0293 3848 AmdK8 - ok
21:48:01.0542 3848 ApfiltrService (91b05bbb609c79d73e2332b6e5f99aea) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:48:01.0573 3848 ApfiltrService - ok
21:48:01.0729 3848 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:48:01.0745 3848 arc - ok
21:48:01.0979 3848 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:48:01.0995 3848 arcsas - ok
21:48:02.0213 3848 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
21:48:02.0213 3848 aswFsBlk - ok
21:48:02.0275 3848 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
21:48:02.0275 3848 aswMonFlt - ok
21:48:02.0322 3848 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
21:48:02.0322 3848 aswRdr - ok
21:48:02.0572 3848 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
21:48:02.0572 3848 aswSnx - ok
21:48:03.0118 3848 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
21:48:03.0133 3848 aswSP - ok
21:48:03.0305 3848 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
21:48:03.0305 3848 aswTdi - ok
21:48:03.0399 3848 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:03.0414 3848 AsyncMac - ok
21:48:03.0477 3848 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:48:03.0477 3848 atapi - ok
21:48:04.0007 3848 athr (d6ed40129c5f70a7485185bab27b8330) C:\Windows\system32\DRIVERS\athr.sys
21:48:04.0054 3848 athr - ok
21:48:04.0319 3848 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:48:04.0350 3848 b57nd60x - ok
21:48:04.0428 3848 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:48:04.0428 3848 Beep - ok
21:48:04.0600 3848 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:48:04.0631 3848 blbdrive - ok
21:48:04.0740 3848 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:48:04.0740 3848 bowser - ok
21:48:04.0849 3848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:48:04.0849 3848 BrFiltLo - ok
21:48:04.0865 3848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:48:04.0865 3848 BrFiltUp - ok
21:48:04.0896 3848 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:48:04.0896 3848 Brserid - ok
21:48:04.0927 3848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:48:04.0927 3848 BrSerWdm - ok
21:48:04.0943 3848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:48:04.0943 3848 BrUsbMdm - ok
21:48:04.0943 3848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:48:04.0959 3848 BrUsbSer - ok
21:48:04.0959 3848 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:48:04.0959 3848 BTHMODEM - ok
21:48:05.0146 3848 camdrv41 (2948ebd41fa73c5743162a5c49ebf224) C:\Windows\system32\DRIVERS\camdrv41.sys
21:48:05.0161 3848 camdrv41 - ok
21:48:05.0302 3848 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:48:05.0317 3848 cdfs - ok
21:48:05.0395 3848 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:48:05.0395 3848 cdrom - ok
21:48:05.0863 3848 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:48:05.0895 3848 circlass - ok
21:48:05.0957 3848 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:48:05.0957 3848 CLFS - ok
21:48:06.0207 3848 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:48:06.0222 3848 CmBatt - ok
21:48:06.0331 3848 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:48:06.0347 3848 cmdide - ok
21:48:06.0394 3848 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:48:06.0394 3848 Compbatt - ok
21:48:06.0487 3848 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:48:06.0487 3848 crcdisk - ok
21:48:06.0690 3848 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:48:06.0706 3848 Crusoe - ok
21:48:06.0862 3848 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:48:06.0862 3848 DfsC - ok
21:48:07.0018 3848 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:48:07.0018 3848 disk - ok
21:48:07.0314 3848 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:48:07.0330 3848 DKbFltr - ok
21:48:07.0626 3848 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:48:07.0657 3848 drmkaud - ok
21:48:07.0891 3848 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:48:07.0923 3848 DXGKrnl - ok
21:48:08.0110 3848 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:48:08.0188 3848 E1G60 - ok
21:48:08.0328 3848 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:48:08.0344 3848 Ecache - ok
21:48:08.0391 3848 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:48:08.0391 3848 elxstor - ok
21:48:08.0515 3848 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:48:08.0515 3848 ErrDev - ok
21:48:08.0578 3848 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:48:08.0578 3848 exfat - ok
21:48:08.0625 3848 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:48:08.0625 3848 fastfat - ok
21:48:08.0781 3848 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:48:08.0796 3848 fdc - ok
21:48:08.0952 3848 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:48:08.0968 3848 FileInfo - ok
21:48:09.0061 3848 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:48:09.0061 3848 Filetrace - ok
21:48:09.0186 3848 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:48:09.0186 3848 flpydisk - ok
21:48:09.0327 3848 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:48:09.0327 3848 FltMgr - ok
21:48:09.0467 3848 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:48:09.0467 3848 Fs_Rec - ok
21:48:09.0483 3848 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:48:09.0498 3848 gagp30kx - ok
21:48:09.0561 3848 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:48:09.0561 3848 HdAudAddService - ok
21:48:09.0685 3848 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:48:09.0685 3848 HDAudBus - ok
21:48:09.0779 3848 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:48:09.0779 3848 HidBth - ok
21:48:09.0795 3848 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:48:09.0795 3848 HidIr - ok
21:48:09.0857 3848 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:48:09.0857 3848 HidUsb - ok
21:48:09.0951 3848 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:48:09.0951 3848 HpCISSs - ok
21:48:09.0997 3848 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:48:10.0013 3848 HTTP - ok
21:48:10.0107 3848 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:48:10.0107 3848 i2omp - ok
21:48:10.0185 3848 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:48:10.0185 3848 i8042prt - ok
21:48:10.0294 3848 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
21:48:10.0309 3848 iaStor - ok
21:48:10.0341 3848 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:48:10.0341 3848 iaStorV - ok
21:48:10.0621 3848 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:48:10.0793 3848 igfx - ok
21:48:10.0887 3848 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:48:10.0887 3848 iirsp - ok
21:48:10.0980 3848 IntcAzAudAddService (80919a856693b1d1d4177f11f5bda545) C:\Windows\system32\drivers\RTKVHDA.sys
21:48:11.0011 3848 IntcAzAudAddService - ok
21:48:11.0121 3848 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
21:48:11.0121 3848 IntcHdmiAddService - ok
21:48:11.0183 3848 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:48:11.0183 3848 intelide - ok
21:48:11.0292 3848 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:48:11.0292 3848 intelppm - ok
21:48:11.0323 3848 IpInIp - ok
21:48:11.0339 3848 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:48:11.0339 3848 IPMIDRV - ok
21:48:11.0370 3848 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:48:11.0370 3848 IPNAT - ok
21:48:11.0479 3848 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
21:48:11.0479 3848 irda - ok
21:48:11.0495 3848 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:48:11.0495 3848 IRENUM - ok
21:48:11.0511 3848 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:48:11.0511 3848 isapnp - ok
21:48:11.0542 3848 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:48:11.0542 3848 iScsiPrt - ok
21:48:11.0573 3848 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:48:11.0573 3848 iteatapi - ok
21:48:11.0651 3848 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:48:11.0651 3848 iteraid - ok
21:48:11.0682 3848 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
21:48:11.0682 3848 k57nd60x - ok
21:48:11.0698 3848 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:48:11.0698 3848 kbdclass - ok
21:48:11.0729 3848 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:48:11.0729 3848 kbdhid - ok
21:48:11.0916 3848 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:48:11.0916 3848 KSecDD - ok
21:48:12.0181 3848 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:48:12.0213 3848 lltdio - ok
21:48:12.0353 3848 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:48:12.0353 3848 LSI_FC - ok
21:48:12.0369 3848 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:48:12.0369 3848 LSI_SAS - ok
21:48:12.0525 3848 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:48:12.0540 3848 LSI_SCSI - ok
21:48:12.0587 3848 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:48:12.0587 3848 luafv - ok
21:48:12.0696 3848 massfilter - ok
21:48:12.0805 3848 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
21:48:12.0821 3848 MBAMProtector - ok
21:48:13.0086 3848 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:48:13.0102 3848 megasas - ok
21:48:13.0367 3848 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:48:13.0383 3848 MegaSR - ok
21:48:13.0492 3848 MHIKEY10 (3412a454fdf9f68341ab80f3ee79edab) C:\Windows\system32\Drivers\MHIKEY10.sys
21:48:13.0492 3848 MHIKEY10 - ok
21:48:13.0570 3848 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:48:13.0570 3848 Modem - ok
21:48:13.0710 3848 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:48:13.0710 3848 monitor - ok
21:48:13.0804 3848 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:48:13.0804 3848 mouclass - ok
21:48:13.0913 3848 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:48:13.0913 3848 mouhid - ok
21:48:13.0944 3848 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:48:13.0944 3848 MountMgr - ok
21:48:14.0053 3848 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:48:14.0053 3848 mpio - ok
21:48:14.0085 3848 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:48:14.0085 3848 mpsdrv - ok
21:48:14.0131 3848 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:48:14.0131 3848 Mraid35x - ok
21:48:14.0163 3848 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:48:14.0178 3848 MRxDAV - ok
21:48:14.0256 3848 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:48:14.0256 3848 mrxsmb - ok
21:48:14.0319 3848 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:48:14.0319 3848 mrxsmb10 - ok
21:48:14.0334 3848 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:48:14.0334 3848 mrxsmb20 - ok
21:48:14.0428 3848 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:48:14.0428 3848 msahci - ok
21:48:14.0490 3848 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:48:14.0490 3848 msdsm - ok
21:48:14.0568 3848 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:48:14.0584 3848 Msfs - ok
21:48:14.0631 3848 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:48:14.0631 3848 msisadrv - ok
21:48:14.0662 3848 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:48:14.0662 3848 MSKSSRV - ok
21:48:14.0709 3848 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:48:14.0709 3848 MSPCLOCK - ok
21:48:14.0724 3848 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:48:14.0724 3848 MSPQM - ok
21:48:14.0771 3848 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:48:14.0771 3848 MsRPC - ok
21:48:14.0818 3848 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:48:14.0818 3848 mssmbios - ok
21:48:14.0896 3848 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:48:14.0896 3848 MSTEE - ok
21:48:14.0943 3848 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:48:14.0943 3848 Mup - ok
21:48:15.0067 3848 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:48:15.0067 3848 NativeWifiP - ok
21:48:15.0130 3848 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:48:15.0145 3848 NDIS - ok
21:48:15.0239 3848 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:48:15.0239 3848 NdisTapi - ok
21:48:15.0301 3848 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:48:15.0317 3848 Ndisuio - ok
21:48:15.0333 3848 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:48:15.0333 3848 NdisWan - ok
21:48:15.0426 3848 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:48:15.0426 3848 NDProxy - ok
21:48:15.0489 3848 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:48:15.0504 3848 NetBIOS - ok
21:48:15.0582 3848 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:48:15.0582 3848 netbt - ok
21:48:15.0645 3848 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:48:15.0645 3848 nfrd960 - ok
21:48:15.0754 3848 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
21:48:15.0754 3848 nmwcd - ok
21:48:15.0785 3848 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:48:15.0785 3848 Npfs - ok
21:48:15.0816 3848 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
21:48:15.0816 3848 NSCIRDA - ok
21:48:15.0894 3848 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:48:15.0894 3848 nsiproxy - ok
21:48:15.0957 3848 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:48:15.0972 3848 Ntfs - ok
21:48:16.0113 3848 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys
21:48:16.0113 3848 NTIDrvr - ok
21:48:16.0159 3848 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:48:16.0159 3848 ntrigdigi - ok
21:48:16.0159 3848 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:48:16.0175 3848 Null - ok
21:48:16.0175 3848 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:48:16.0191 3848 nvraid - ok
21:48:16.0191 3848 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:48:16.0191 3848 nvstor - ok
21:48:16.0222 3848 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:48:16.0222 3848 nv_agp - ok
21:48:16.0284 3848 NwlnkFlt - ok
21:48:16.0300 3848 NwlnkFwd - ok
21:48:16.0347 3848 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
21:48:16.0347 3848 ohci1394 - ok
21:48:16.0503 3848 PAC7311 (2085d5168fc0c56bb13304d180d244b6) C:\Windows\system32\DRIVERS\PA707UCM.SYS
21:48:16.0503 3848 PAC7311 - ok
21:48:16.0549 3848 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:48:16.0549 3848 Parport - ok
21:48:16.0581 3848 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:48:16.0581 3848 partmgr - ok
21:48:16.0674 3848 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:48:16.0674 3848 Parvdm - ok
21:48:16.0705 3848 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:48:16.0721 3848 pci - ok
21:48:16.0721 3848 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:48:16.0721 3848 pciide - ok
21:48:16.0768 3848 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
21:48:16.0768 3848 pcmcia - ok
21:48:16.0939 3848 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:48:16.0939 3848 PEAUTH - ok
21:48:17.0407 3848 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:48:17.0407 3848 PptpMiniport - ok
21:48:17.0579 3848 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:48:17.0610 3848 Processor - ok
21:48:17.0969 3848 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:48:17.0985 3848 PSched - ok
21:48:18.0141 3848 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:48:18.0172 3848 ql2300 - ok
21:48:18.0297 3848 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:48:18.0312 3848 ql40xx - ok
21:48:18.0453 3848 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:48:18.0453 3848 QWAVEdrv - ok
21:48:18.0484 3848 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:48:18.0484 3848 RasAcd - ok
21:48:18.0749 3848 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:48:18.0765 3848 Rasl2tp - ok
21:48:18.0921 3848 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:48:18.0936 3848 RasPppoe - ok
21:48:19.0077 3848 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:48:19.0077 3848 RasSstp - ok
21:48:19.0201 3848 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:48:19.0201 3848 rdbss - ok
21:48:19.0357 3848 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:48:19.0357 3848 RDPCDD - ok
21:48:19.0545 3848 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:48:19.0545 3848 rdpdr - ok
21:48:19.0825 3848 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:48:19.0857 3848 RDPENCDD - ok
21:48:19.0997 3848 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:48:20.0013 3848 RDPWD - ok
21:48:20.0091 3848 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:48:20.0106 3848 rspndr - ok
21:48:20.0247 3848 RTSTOR (9b09f336de36a7a6ca871de8a7847b65) C:\Windows\system32\drivers\RTSTOR.SYS
21:48:20.0262 3848 RTSTOR - ok
21:48:20.0293 3848 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:48:20.0293 3848 sbp2port - ok
21:48:20.0465 3848 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
21:48:20.0465 3848 sdbus - ok
21:48:20.0652 3848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:48:20.0668 3848 secdrv - ok
21:48:20.0824 3848 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:48:20.0824 3848 Serenum - ok
21:48:20.0839 3848 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:48:20.0839 3848 Serial - ok
21:48:20.0871 3848 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:48:20.0871 3848 sermouse - ok
21:48:20.0949 3848 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:48:20.0949 3848 sffdisk - ok
21:48:20.0964 3848 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:48:20.0964 3848 sffp_mmc - ok
21:48:20.0980 3848 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:48:20.0980 3848 sffp_sd - ok
21:48:20.0995 3848 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:48:20.0995 3848 sfloppy - ok
21:48:21.0058 3848 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:48:21.0058 3848 Sftfs - ok
21:48:21.0307 3848 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:48:21.0323 3848 Sftplay - ok
21:48:21.0510 3848 Sftredir (6b1865d82e0290729ed7496c24275592) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:48:21.0541 3848 Sftredir - ok
21:48:21.0588 3848 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:48:21.0588 3848 Sftvol - ok
21:48:21.0744 3848 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:48:21.0775 3848 sisagp - ok
21:48:21.0807 3848 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:48:21.0807 3848 SiSRaid2 - ok
21:48:21.0807 3848 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:48:21.0822 3848 SiSRaid4 - ok
21:48:21.0853 3848 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:48:21.0853 3848 Smb - ok
21:48:21.0963 3848 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:48:21.0963 3848 spldr - ok
21:48:22.0306 3848 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
21:48:22.0306 3848 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
21:48:22.0306 3848 sptd ( LockedFile.Multi.Generic ) - warning
21:48:22.0306 3848 sptd - detected LockedFile.Multi.Generic (1)
21:48:22.0618 3848 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:48:22.0633 3848 srv - ok
21:48:22.0914 3848 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:48:22.0930 3848 srv2 - ok
21:48:23.0039 3848 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:48:23.0055 3848 srvnet - ok
21:48:23.0226 3848 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:48:23.0226 3848 swenum - ok
21:48:23.0413 3848 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:48:23.0413 3848 Symc8xx - ok
21:48:23.0585 3848 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:48:23.0601 3848 Sym_hi - ok
21:48:23.0788 3848 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:48:23.0803 3848 Sym_u3 - ok
21:48:24.0069 3848 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:48:24.0100 3848 Tcpip - ok
21:48:24.0256 3848 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:48:24.0256 3848 Tcpip6 - ok
21:48:24.0521 3848 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:48:24.0521 3848 tcpipreg - ok
21:48:24.0677 3848 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:48:24.0708 3848 TDPIPE - ok
21:48:24.0802 3848 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:48:24.0802 3848 TDTCP - ok
21:48:24.0973 3848 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:48:25.0005 3848 tdx - ok
21:48:25.0192 3848 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:48:25.0207 3848 TermDD - ok
21:48:25.0379 3848 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:48:25.0410 3848 tssecsrv - ok
21:48:25.0473 3848 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:48:25.0473 3848 tunmp - ok
21:48:25.0660 3848 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:48:25.0675 3848 tunnel - ok
21:48:25.0863 3848 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:48:25.0878 3848 uagp35 - ok
21:48:26.0050 3848 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
21:48:26.0065 3848 UBHelper - ok
21:48:26.0533 3848 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:48:26.0533 3848 udfs - ok
21:48:26.0767 3848 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:48:26.0783 3848 uliagpkx - ok
21:48:26.0955 3848 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:48:26.0986 3848 uliahci - ok
21:48:27.0079 3848 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:48:27.0095 3848 UlSata - ok
21:48:27.0111 3848 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:48:27.0111 3848 ulsata2 - ok
21:48:27.0142 3848 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:48:27.0142 3848 umbus - ok
21:48:27.0407 3848 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:48:27.0438 3848 upperdev - ok
21:48:27.0563 3848 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:48:27.0579 3848 usbaudio - ok
21:48:27.0641 3848 usbbus (cccece399b1990d63bfc8de8161dd838) C:\Windows\system32\DRIVERS\lgusbbus.sys
21:48:27.0657 3848 usbbus - ok
21:48:27.0688 3848 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:48:27.0688 3848 usbccgp - ok
21:48:27.0781 3848 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:48:27.0797 3848 usbcir - ok
21:48:27.0844 3848 UsbDiag (b2ef4693e17404a178da88318c5236b8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
21:48:27.0844 3848 UsbDiag - ok
21:48:28.0015 3848 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:48:28.0047 3848 usbehci - ok
21:48:28.0203 3848 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:48:28.0218 3848 usbhub - ok
21:48:28.0359 3848 USBModem (eb16939525ed91fb649ec68afc865dce) C:\Windows\system32\DRIVERS\lgusbmodem.sys
21:48:28.0390 3848 USBModem - ok
21:48:28.0421 3848 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:48:28.0421 3848 usbohci - ok
21:48:28.0468 3848 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:48:28.0468 3848 usbprint - ok
21:48:28.0577 3848 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
21:48:28.0577 3848 usbser - ok
21:48:28.0624 3848 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:48:28.0624 3848 USBSTOR - ok
21:48:28.0655 3848 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:48:28.0671 3848 usbuhci - ok
21:48:29.0045 3848 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:48:29.0045 3848 usbvideo - ok
21:48:29.0185 3848 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:48:29.0217 3848 vga - ok
21:48:29.0248 3848 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:48:29.0248 3848 VgaSave - ok
21:48:29.0388 3848 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:48:29.0388 3848 viaagp - ok
21:48:29.0404 3848 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:48:29.0404 3848 ViaC7 - ok
21:48:29.0404 3848 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:48:29.0404 3848 viaide - ok
21:48:29.0435 3848 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:48:29.0435 3848 volmgr - ok
21:48:29.0466 3848 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:48:29.0482 3848 volmgrx - ok
21:48:29.0763 3848 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:48:29.0794 3848 volsnap - ok
21:48:29.0965 3848 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:48:29.0997 3848 vsmraid - ok
21:48:30.0184 3848 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:48:30.0199 3848 WacomPen - ok
21:48:30.0246 3848 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:30.0246 3848 Wanarp - ok
21:48:30.0277 3848 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:30.0277 3848 Wanarpv6 - ok
21:48:30.0511 3848 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:48:30.0527 3848 Wd - ok
21:48:30.0683 3848 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:48:30.0699 3848 Wdf01000 - ok
21:48:30.0933 3848 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:48:30.0933 3848 WmiAcpi - ok
21:48:31.0338 3848 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:48:31.0338 3848 WpdUsb - ok
21:48:31.0572 3848 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:48:31.0603 3848 ws2ifsl - ok
21:48:31.0791 3848 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:48:31.0806 3848 WUDFRd - ok
21:48:31.0869 3848 ZTEusbmdm6k - ok
21:48:31.0900 3848 ZTEusbnmea - ok
21:48:31.0915 3848 ZTEusbser6k - ok
21:48:31.0947 3848 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
21:48:31.0978 3848 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:48:31.0978 3848 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:48:32.0009 3848 Boot (0x1200) (b0246009fb75328dc46eca5b3b9b60ad) \Device\Harddisk0\DR0\Partition0
21:48:32.0009 3848 \Device\Harddisk0\DR0\Partition0 - ok
21:48:32.0009 3848 ============================================================
21:48:32.0009 3848 Scan finished
21:48:32.0009 3848 ============================================================
21:48:32.0025 0244 Detected object count: 2
21:48:32.0025 0244 Actual detected object count: 2
21:50:15.0937 0244 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:50:15.0937 0244 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:50:16.0000 0244 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:50:16.0000 0244 \Device\Harddisk0\DR0 - ok
21:50:16.0000 0244 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:50:28.0261 4224 Deinitialize success






Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`71100000
Boot sector MD5 is: a29a0ee0cc44a754c05f0d38f7e57cb4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Hey! I think the problems are solved! Im not being redirect anymore.
Thank you!


ComboFix 11-12-10.01 - Adsen River 11.12.2011 18:43:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.2160 [GMT 1:00]
ausgeführt von:: c:\users\Adsen River\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB58523$
c:\windows\$NtUninstallKB58523$\2538911865
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-11 bis 2011-12-11 ))))))))))))))))))))))))))))))
.
.
2011-12-11 18:08 . 2011-12-11 18:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{140C95C3-F2F9-4338-9F70-D41D37DA5C84}\offreg.dll
2011-12-11 18:06 . 2011-12-11 18:14 -------- d-----w- c:\users\Adsen River\AppData\Local\temp
2011-12-11 18:06 . 2011-12-11 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 12:13 . 2011-12-09 12:14 -------- d-----w- C:\FRST
2011-12-09 07:16 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{140C95C3-F2F9-4338-9F70-D41D37DA5C84}\mpengine.dll
2011-12-06 11:23 . 2011-12-06 11:23 -------- d-----w- c:\program files\Rosetta Stone
2011-12-06 11:23 . 2011-12-06 11:28 -------- d-----w- c:\programdata\Rosetta Stone
2011-12-03 13:15 . 2011-12-03 13:15 388096 ----a-r- c:\users\Adsen River\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-03 13:15 . 2011-12-03 13:15 -------- d-----w- c:\program files\Trend Micro
2011-11-30 19:35 . 2011-11-30 19:35 -------- d-----w- c:\users\Adsen River\AppData\Roaming\Malwarebytes
2011-11-30 19:34 . 2011-11-30 19:34 -------- d-----w- c:\programdata\Malwarebytes
2011-11-30 19:34 . 2011-11-30 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 19:34 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-29 11:32 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe
2011-11-29 11:31 . 2011-11-29 11:31 -------- d-----w- c:\program files\The Rosetta Stone
2011-11-27 20:22 . 2011-11-27 20:22 -------- d-----w- c:\program files\Common Files\Java
2011-11-24 22:11 . 2011-11-24 22:15 -------- d-----w- c:\users\Adsen River\AppData\Roaming\Uqasiz
2011-11-14 09:25 . 2011-11-14 09:25 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 15:18 . 2011-07-22 18:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-03 11:48 . 2010-11-25 13:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-28 18:01 . 2010-11-23 11:34 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-09-14 10:32 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-18 14:51 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-09-14 10:33 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-09-14 10:33 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-09-14 10:33 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-09-14 10:32 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2009-09-14 10:33 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-12 00:32 . 2009-01-20 23:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-12 00:32 . 2009-01-20 23:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-09-30 23:06 . 2011-10-12 19:16 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 19:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 19:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 19:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-12 19:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-12 19:16 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 19:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 19:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-20 21:02 . 2011-11-09 01:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 23:10 . 2011-05-12 15:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"TrayMin900"="c:\windows\System32\Drivers\Tray900.exe" [2005-09-12 266240]
"PhiBtn"="c:\windows\System32\Drivers\PhiBtn.exe" [2005-09-12 155648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-01-20 23:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-01-20 23:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-12 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 camdrv41;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv41.sys [2007-04-23 1347584]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-12 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2008-05-27 50560]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PAC7311;Trust Webcam 14839;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 722416]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-09-22 112128]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-12 07:54]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-12 07:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_EU&apn_uid=5F162E4A-A13D-4F97-A5C4-485D740D5120&apn_ptnrs=PV&apn_sauid=B2586A47-AAB0-4234-9AE9-0C017DC32573&apn_dtid=&&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
MSConfigStartUp-PDVD9LanguageShortcut - c:\program files\CyberLink\PowerDVD9\Language\Language.exe
MSConfigStartUp-RemoteControl9 - c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-11 19:14
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-11 19:21:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-11 18:21
.
Vor Suchlauf: 10 Verzeichnis(se), 100.059.025.408 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 101.308.182.528 Bytes frei
.
- - End Of File - - 2E83B8AB6793214DF18D88956FF51868
 
Good news :)

Uninstall Ask Toolbar, typical foistware.

Combofix looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 12.12.2011 17:53:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adsen River\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 55,24% Memory free
6,07 Gb Paging File | 4,80 Gb Available in Paging File | 79,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 97,18 Gb Free Space | 43,55% Space Free | Partition Type: NTFS

Computer Name: ADSENRIVER-PC | User Name: Adsen River | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B9BFD9-2B13-40B6-ADA3-46F854B150B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{06B8A812-0E46-4630-98DD-F99CCF4E8826}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{0C58F813-06B2-4923-AC43-7F682648C3BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E65A551-320D-4DEE-8D72-ED3165FA1B04}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{26BCF7B8-F951-4563-B877-C6830A0FDA18}" = lport=139 | protocol=6 | dir=in | app=system |
"{27185D3D-95D3-48C2-A9B2-1B92FCCDA63B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C0BD0AF-5A64-4F7A-8FF4-19422976967C}" = rport=138 | protocol=17 | dir=out | app=system |
"{4713AD09-CD82-4B9B-BEEA-26EC91801679}" = lport=138 | protocol=17 | dir=in | app=system |
"{4BB6B853-4CFB-43BF-AD00-B9381ED199DF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C6A5433-755D-4F46-ACA0-C1DFD880676A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{533195FB-65F9-46D6-A5F9-C730EBB69754}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63B2DA45-04E5-40B0-A7C5-B243C938D237}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D3D8AAD-0284-41F5-BCAC-1F65C873C8F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7DFFAA1C-4A42-4EBA-9BAE-E5CFFBC53C0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{8D5EA460-6061-4CED-B8A7-B7EAD2DC2FAB}" = lport=445 | protocol=6 | dir=in | app=system |
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4EE1E3E-774B-4472-8628-7722A8C69D32}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E4CBB4EC-CA28-4026-BBD9-787A3E709A81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECC34D9B-E84B-4E8F-BDAB-EBF67395BDA2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FF5E893F-AA4C-4377-A302-EE12D3CA584A}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10CC7D19-99A7-4D09-A13C-67B1A3AC095F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{130B18B2-61F9-4FBC-950F-73228485669E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{16AD8274-196E-489C-9F9B-CD2716E2200B}" = protocol=6 | dir=in | app=f:\alicesetup.exe |
"{20D19BDC-CFFA-4D32-AD36-736BEEFEDBCC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{280D836E-8057-43F9-8D01-32EEF41F6954}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B50F3AD-57F1-4D18-BC1F-3236C9EB81B8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2BD6E073-206B-4C05-A724-723E06DA3B24}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2C721DED-A13C-49FA-95DE-7C3AF45EBFDC}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{34FCC933-44E5-4AF7-99A0-17FDD6C95E6F}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{439BB14D-5215-4FC6-B40F-5F1218066190}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4EA877C9-5EC6-4D0A-8F2B-0DC59E7EFFE3}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59399D26-6522-4958-9384-D7BBCA3AAF0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{60856FF4-B4AF-44B3-A72F-8BA9813F47D9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{608F241A-042B-4429-8E29-1B1336CC77F4}" = protocol=17 | dir=in | app=f:\alicesetup.exe |
"{6AC30F39-B8A6-4BAB-9848-E533631FDA7F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{6ECE2D9A-4373-4E10-AAC8-FC7DB7252819}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{6FA49F74-6003-46C3-B508-602E2C144F0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{71205681-B271-4F31-A904-8827DB6F1873}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{727DF6D2-4BAB-4AC5-8638-E449E179F1FA}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{80ECCFF9-C65B-4D3D-9C48-FAD62C343E23}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{8679DD36-45FF-4F88-A616-7C4219B8BC72}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8D7AB1D9-DF96-445E-8FEA-D93E2B616FC3}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{934CFA67-6171-4CF9-89B3-CB14BAC33D10}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9A2A181E-A3D3-4FC1-ACFF-D3AA3D269921}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{AC9FB7F1-3D12-45CA-9DDE-C438C7033837}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B1E13BCD-23D7-4B64-B13C-6EB7F42BE464}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D956B626-8193-4337-B47A-490F081399D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E3308AA7-B0DA-472E-80C5-6C861D1BF972}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{EFA055AA-391A-4174-901D-83DFB7D4D334}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{F0B66FC0-6A40-4BEA-953D-061BF1E9BB69}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"TCP Query User{28D97505-B867-4DDB-855C-79A4B22EA564}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat |
"TCP Query User{4FCC575E-FE3A-45E7-A2ED-8009708FCA02}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe |
"TCP Query User{5A9AB8EE-55BF-4C63-B490-A07537661150}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{60CAD833-C260-468A-8C65-693E02EBCD93}C:\users\adsen river\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\adsen river\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{6EA763C4-822E-4C00-B94B-56E2A2C6D9FC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{74502345-2758-4A53-9D3F-1414D4C24093}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{82138B46-F90E-4A53-A851-56214D2F1352}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{8F7FFD07-ABBE-4137-8AC6-FBF3558C6590}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A2BA0B4E-B732-4126-B4D9-5ECC05C8508A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A86D0CF2-78A6-4CDA-B6A1-31A640AB2C65}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{B60267D7-9EC4-41E2-888C-6D303219313D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{BE8FD1C3-3570-4EF1-8A30-2FA2639A13A3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CF48DED2-2A87-426B-9E9E-D4B80C9FDDDA}D:\bin\demigod.exe" = protocol=6 | dir=in | app=d:\bin\demigod.exe |
"TCP Query User{DE45FAFF-DE10-4AB2-AA95-9E55361C4411}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{E0705C86-557A-49BD-B6C1-F99F16CECFD6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EA48DDC8-4447-4093-A3F9-A6A10FEBF97C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EFE23401-6321-4007-84F7-1D00533921AF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F0546E2E-7268-47B7-8440-AC2FB4EBF83A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{0B84F20A-CE5F-43CE-AA22-CC8B8E690CEB}D:\bin\demigod.exe" = protocol=17 | dir=in | app=d:\bin\demigod.exe |
"UDP Query User{0E416A80-102A-4B05-9ACE-3E7501AD26CE}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{22B3C1F5-1873-436F-9274-972F22C0CB54}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3CBFFC14-09D3-422C-926C-94B4CCC7541D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{46E9A074-1F72-4B0B-AD00-115C73C2383C}C:\users\adsen river\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\adsen river\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{729A0698-54C4-4F20-9BF6-A95A4610258E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7C937AF6-59DC-472D-B48F-F5392C480E1D}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{92FD9122-64F8-4DCB-8EB6-CB5DE13643E3}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{9496C5EB-5474-47D7-850A-67C1F1AE6610}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe |
"UDP Query User{A1B2A77A-C019-4CC6-91C3-693EA39E4F91}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B5A36985-F005-4763-9DA1-4BC0A23006AE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B76D4DC0-D2B4-40B9-B1E1-22A951F2937C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{BE61BBAF-7DC7-44C2-B8D6-3692DF855429}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat |
"UDP Query User{C762E1B6-C070-4B03-8ED8-23BF4CDBA692}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{CB63A23D-AFEF-4782-A75D-A24EF3BA789C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DBB4AB3A-164B-4D5F-8375-A6720B9FFD5B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DEE0D67B-5C0C-435C-AD23-C4E587A4FD98}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{EC98B5DA-CDB2-44F0-B7BC-2DB3E3148E8C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series" = Canon iP3600 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{33D5969E-53A4-4EF7-BB6C-3A0F7B9E56E7}}_is1" = NORMA RUCK ZUCK FOTOBUCH
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}" = Philips VLounge
"{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}" = IPM_PSP_CL
"{DEAEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}" = IPM_PSP_COM
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast" = avast! Free Antivirus
"Canon iP3600 series Benutzerregistrierung" = Canon iP3600 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"nfsSaintValentine05 New Free Screensaver_is1" = NewFreeScreensaver nfsSaintValentine05
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SopCast" = SopCast 3.2.4
"ST6UNST #1" = XPwinExit Edition 6
"The Rosetta Stone" = The Rosetta Stone
"TVUPlayer" = TVUPlayer 2.5.3.1
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 23.09.2009 13:55:19 | Computer Name = AdsenRiver-PC | Source = avast! | ID = 33554522
Description =

Error - 21.10.2009 18:49:42 | Computer Name = AdsenRiver-PC | Source = avast! | ID = 33554522
Description =

Error - 27.10.2009 14:59:46 | Computer Name = AdsenRiver-PC | Source = avast! | ID = 33554522
Description =

Error - 10.11.2009 09:46:44 | Computer Name = AdsenRiver-PC | Source = avast! | ID = 33554522
Description =

Error - 03.03.2010 03:27:12 | Computer Name = AdsenRiver-PC | Source = avast! | ID = 33554522
Description =

Error - 16.05.2010 11:13:37 | Computer Name = AdsenRiver-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 27.11.2011 22:48:45 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00061136, Prozess-ID 0x1044,
Anwendungsstartzeit 01ccad76b3a242ab.

Error - 28.11.2011 00:13:52 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109483, Prozess-ID 0x12c8,
Anwendungsstartzeit 01ccad7842fb3b4b.

Error - 28.11.2011 02:41:15 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109483, Prozess-ID 0x1534,
Anwendungsstartzeit 01ccad97758d9c0b.

Error - 28.11.2011 02:57:05 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109413, Prozess-ID 0x358, Anwendungsstartzeit
01ccad98bdf4a78b.

Error - 28.11.2011 16:09:40 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00061136, Prozess-ID 0xc8c, Anwendungsstartzeit
01ccae086531b6b0.

Error - 28.11.2011 18:01:12 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109483, Prozess-ID 0xde4, Anwendungsstartzeit
01ccae17f9fd9c50.

Error - 28.11.2011 20:34:54 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109483, Prozess-ID 0x1304,
Anwendungsstartzeit 01ccae2d7257f4b0.

Error - 28.11.2011 21:10:19 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00061136, Prozess-ID 0x1400,
Anwendungsstartzeit 01ccae2ebb0298e0.

Error - 28.11.2011 21:28:38 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109483, Prozess-ID 0x17b8,
Anwendungsstartzeit 01ccae33ada26d10.

Error - 29.11.2011 02:02:14 | Computer Name = AdsenRiver-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19154, Zeitstempel
0x4e8634f0, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19154, Zeitstempel
0x4e864aec, Ausnahmecode 0xc0000005, Fehleroffset 0x00109483, Prozess-ID 0x13a0,
Anwendungsstartzeit 01ccae363cc40c90.

[ System Events ]
Error - 11.12.2011 13:42:39 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.12.2011 13:43:31 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11.12.2011 13:58:56 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11.12.2011 14:07:14 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11.12.2011 14:07:34 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11.12.2011 14:10:16 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.12.2011 14:26:33 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.12.2011 14:26:38 | Computer Name = AdsenRiver-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =

Error - 11.12.2011 14:29:25 | Computer Name = AdsenRiver-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.12.2011 17:03:28 | Computer Name = AdsenRiver-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.


< End of report >
 
OTL.txt

OTL logfile created on: 12.12.2011 17:53:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adsen River\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 55,24% Memory free
6,07 Gb Paging File | 4,80 Gb Available in Paging File | 79,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 97,18 Gb Free Space | 43,55% Space Free | Partition Type: NTFS

Computer Name: ADSENRIVER-PC | User Name: Adsen River | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.12 17:44:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adsen River\Desktop\OTL.exe
PRC - [2011.12.11 19:25:26 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\ADSENR~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.10.20 14:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.07.07 02:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.06.25 02:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.06.23 16:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 16:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 16:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.04.11 18:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 18:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.01 07:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint2K\Hidfind.exe
PRC - [2008.12.26 16:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.03.18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2005.09.12 15:00:40 | 000,266,240 | ---- | M] (Philips) -- C:\Windows\System32\drivers\Tray900.exe
PRC - [2005.09.12 15:00:24 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\System32\drivers\Phibtn.exe
PRC - [2005.01.14 15:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.02.02 16:33:56 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.14 12:28:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.23 16:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.04.11 18:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.12.18 13:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.03.18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.01.14 15:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.05.26 20:38:55 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.23 08:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.02.23 03:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.09.22 14:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.09.04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.09.04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.09.04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.09.04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.05.27 02:07:58 | 000,050,560 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.03.01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.04.23 13:44:10 | 001,347,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camdrv41.sys -- (camdrv41)
DRV - [2005.10.18 17:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.668.0
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_EU&apn_uid=5F162E4A-A13D-4F97-A5C4-485D740D5120&apn_ptnrs=PV&apn_sauid=B2586A47-AAB0-4234-9AE9-0C017DC32573&apn_dtid=&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Adsen River\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Adsen River\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.19 15:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.19 15:17:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.12 01:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.07 15:50:27 | 000,000,000 | ---D | M]

[2009.09.14 11:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Extensions
[2011.12.11 22:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions
[2010.03.02 08:04:59 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.04.27 17:12:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.06 22:02:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.02 15:10:30 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011.12.06 11:41:54 | 000,000,000 | ---D | M] (myBabylon EnglishBB Community Toolbar) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2011.04.02 15:10:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\engine@conduit.com
[2010.06.13 15:19:16 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Adsen River\AppData\Roaming\mozilla\Firefox\Profiles\0zpgz8au.default\extensions\firefox@tvunetworks.com
[2011.12.11 21:22:30 | 000,002,391 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\askcom.xml
[2011.09.18 20:47:10 | 000,001,565 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\web-search.xml
[2010.03.02 08:07:38 | 000,001,201 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\winamp-search.xml
[2011.06.03 22:36:20 | 000,002,057 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\youtube-videosuche.xml
[2011.12.03 12:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.08 12:34:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.03 12:49:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADSEN RIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZPGZ8AU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADSEN RIVER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZPGZ8AU.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2011.11.09 00:10:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.03 12:48:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.09.21 11:58:57 | 000,002,196 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.12.11 19:13:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PhiBtn] C:\Windows\System32\drivers\Phibtn.exe (Philips)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrayMin900] C:\Windows\System32\drivers\Tray900.exe (Philips)
O4 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D463B63C-754D-4291-8437-01BBACBCD1A3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adsen River\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Adsen River\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.12 17:44:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Adsen River\Desktop\OTL.exe
[2011.12.11 19:21:56 | 000,000,000 | ---D | C] -- C:\Users\Adsen River\AppData\Local\temp
[2011.12.11 19:20:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.11 18:35:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.11 18:35:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.11 18:35:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.11 18:35:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.11 18:32:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.11 18:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.10 21:46:19 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adsen River\Desktop\tdsskiller.exe
[2011.12.10 01:40:08 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Adsen River\Desktop\FixTDSS.exe
[2011.12.09 13:13:03 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.07 20:29:48 | 004,334,705 | R--- | C] (Swearware) -- C:\Users\Adsen River\Desktop\ComboFix.exe
[2011.12.07 17:42:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Adsen River\Desktop\aswMBR.exe
[2011.12.06 15:57:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adsen River\Desktop\dds.scr
[2011.12.06 12:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011.12.06 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011.12.06 12:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011.12.03 14:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.12.03 14:15:29 | 000,000,000 | ---D | C] -- C:\Users\Adsen River\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.11.30 20:35:05 | 000,000,000 | ---D | C] -- C:\Users\Adsen River\AppData\Roaming\Malwarebytes
[2011.11.30 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.30 20:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.30 20:34:46 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.30 20:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.29 12:32:04 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011.11.29 12:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
[2011.11.29 12:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\The Rosetta Stone
[2011.11.27 21:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.11.25 09:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.24 23:11:08 | 000,000,000 | ---D | C] -- C:\Users\Adsen River\AppData\Roaming\Uqasiz
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.08.06 20:38:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.12 17:44:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adsen River\Desktop\OTL.exe
[2011.12.12 17:38:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.12 17:38:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.12 17:23:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.12 13:38:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.12 04:22:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.11 19:27:41 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.11 19:13:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.11 18:33:19 | 004,334,705 | R--- | M] (Swearware) -- C:\Users\Adsen River\Desktop\ComboFix.exe
[2011.12.10 21:46:34 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adsen River\Desktop\tdsskiller.exe
[2011.12.10 01:40:11 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Adsen River\Desktop\FixTDSS.exe
[2011.12.09 13:12:19 | 000,858,348 | ---- | M] () -- C:\Users\Adsen River\Desktop\FRST.exe
[2011.12.09 08:14:44 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.09 08:14:44 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.09 08:14:44 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.09 08:14:44 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.08 15:06:13 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Adsen River\Desktop\boot_cleaner.exe
[2011.12.07 17:45:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Adsen River\Desktop\aswMBR.exe
[2011.12.07 15:46:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.12.07 09:47:00 | 000,004,600 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\wklnhst.dat
[2011.12.06 15:57:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adsen River\Desktop\dds.scr
[2011.12.05 18:54:13 | 000,002,535 | ---- | M] () -- C:\Users\Adsen River\Desktop\HiJackThis.lnk
[2011.12.03 14:14:34 | 001,402,880 | ---- | M] () -- C:\Users\Adsen River\Desktop\HiJackThis-2-04.msi
[2011.11.30 20:34:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 12:31:56 | 000,001,996 | ---- | M] () -- C:\Users\Adsen River\Desktop\The Rosetta Stone.lnk
[2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.11.28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.11.25 21:08:21 | 000,291,942 | ---- | M] () -- C:\Users\Adsen River\Documents\Bundespolizei_Trojaner_in_10_Schritten_sicher_entfernen.pdf
[2011.11.25 09:19:14 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.24 23:41:04 | 000,000,000 | ---- | M] () -- C:\Users\Adsen River\AppData\Local\{CFC09021-3A6A-4906-BB28-237F393E8DB4}
[2011.11.17 11:09:20 | 000,028,715 | ---- | M] () -- C:\Users\Adsen River\Documents\Konto_240580506-Auszug_2011_025_pdf.pdf
[2011.11.14 10:25:18 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.11 18:35:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.11 18:35:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.11 18:35:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.11 18:35:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.11 18:35:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.09 13:12:02 | 000,858,348 | ---- | C] () -- C:\Users\Adsen River\Desktop\FRST.exe
[2011.12.07 21:53:29 | 3146,604,544 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.03 14:15:30 | 000,002,535 | ---- | C] () -- C:\Users\Adsen River\Desktop\HiJackThis.lnk
[2011.12.03 14:14:30 | 001,402,880 | ---- | C] () -- C:\Users\Adsen River\Desktop\HiJackThis-2-04.msi
[2011.11.30 20:34:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 12:31:56 | 000,001,996 | ---- | C] () -- C:\Users\Adsen River\Desktop\The Rosetta Stone.lnk
[2011.11.25 21:08:21 | 000,291,942 | ---- | C] () -- C:\Users\Adsen River\Documents\Bundespolizei_Trojaner_in_10_Schritten_sicher_entfernen.pdf
[2011.11.25 09:19:14 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.24 23:41:04 | 000,000,000 | ---- | C] () -- C:\Users\Adsen River\AppData\Local\{CFC09021-3A6A-4906-BB28-237F393E8DB4}
[2011.11.17 11:09:18 | 000,028,715 | ---- | C] () -- C:\Users\Adsen River\Documents\Konto_240580506-Auszug_2011_025_pdf.pdf
[2011.11.14 10:25:17 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.07.04 09:04:03 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8B8DB1788C.sys
[2011.07.04 09:04:02 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.06.09 13:09:50 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.09 13:09:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.26 14:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.07.30 14:44:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe
[2010.03.06 21:13:47 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.03.06 21:13:47 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.03.06 21:13:45 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.02.25 18:42:36 | 000,017,408 | ---- | C] () -- C:\Users\Adsen River\AppData\Local\WebpageIcons.db
[2009.11.02 22:24:57 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.11.02 22:24:57 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.11.02 20:43:08 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009.10.05 15:43:08 | 000,004,600 | ---- | C] () -- C:\Users\Adsen River\AppData\Roaming\wklnhst.dat
[2009.09.30 16:48:27 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.09.18 00:06:52 | 000,199,168 | ---- | C] () -- C:\Users\Adsen River\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.17 18:58:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.14 16:43:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.14 16:43:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.14 14:52:21 | 000,001,356 | ---- | C] () -- C:\Users\Adsen River\AppData\Local\d3d9caps.dat
[2009.08.06 20:25:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.08.06 20:25:43 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.08.06 20:25:43 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.06 12:08:21 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.06 11:53:14 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.08.06 11:53:14 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.08.06 11:53:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.03.12 11:47:51 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.12 11:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.12 11:47:51 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.12 11:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 03:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.23 13:44:10 | 001,347,584 | ---- | C] () -- C:\Windows\System32\drivers\camdrv41.sys
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 002,222,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========

[2009.08.06 12:08:17 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Acer GameZone Console
[2011.01.08 20:51:28 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Canon
[2010.03.06 21:14:09 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\concept design
[2009.09.25 14:15:39 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\EA
[2009.09.17 19:28:59 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\eSobi
[2011.11.25 09:12:21 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\IrfanView
[2009.09.21 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\iWin
[2009.11.09 13:30:10 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\LG Electronics
[2010.06.02 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Meridian93
[2010.05.25 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Octoshape
[2011.07.23 10:30:37 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Paltalk
[2010.01.11 03:54:57 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\PlayFirst
[2010.12.15 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\PlayPond
[2009.11.20 18:03:29 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\PowerCinema
[2009.11.20 18:03:41 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\SoftDMA
[2011.12.09 09:16:02 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\SoftGrid Client
[2009.10.05 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Template
[2011.07.21 23:29:20 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Thinstall
[2011.09.20 20:49:30 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\TP
[2011.11.24 23:15:38 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\Uqasiz
[2010.12.20 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\uTorrent
[2009.09.30 12:27:15 | 000,000,000 | ---D | M] -- C:\Users\Adsen River\AppData\Roaming\vghd
[2011.12.11 19:26:36 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.02.06 00:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011.12.11 19:21:51 | 000,018,944 | ---- | M] () -- C:\ComboFix.txt
[2010.09.29 15:45:51 | 000,000,155 | ---- | M] () -- C:\config.lua
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011.03.09 16:01:33 | 000,000,555 | ---- | M] () -- C:\GameCenterResultLog.txt
[2011.12.11 19:27:41 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2009.10.14 15:10:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.10.14 15:10:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.12.11 19:27:40 | 3460,395,008 | -HS- | M] () -- C:\pagefile.sys
[2009.07.24 17:35:06 | 000,012,479 | -HS- | M] () -- C:\Patch.rev
[2009.03.12 14:05:01 | 000,000,147 | RHS- | M] () -- C:\Preload.rev
[2009.08.06 11:53:56 | 000,002,498 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.09.14 16:52:32 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.10.09 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD99.DLL
[2008.10.09 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP99.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2008.12.05 00:19:40 | 000,308,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2009.09.30 12:09:59 | 000,001,666 | -H-- | M] () -- C:\Users\Adsen River\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009.09.18 15:52:14 | 000,000,286 | -HS- | M] () -- C:\Users\Adsen River\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011.12.07 17:45:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Adsen River\Desktop\aswMBR.exe
[2011.12.08 15:06:13 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Adsen River\Desktop\boot_cleaner.exe
[2011.12.11 18:33:19 | 004,334,705 | R--- | M] (Swearware) -- C:\Users\Adsen River\Desktop\ComboFix.exe
[2011.12.10 01:40:11 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Adsen River\Desktop\FixTDSS.exe
[2011.12.09 13:12:19 | 000,858,348 | ---- | M] () -- C:\Users\Adsen River\Desktop\FRST.exe
[2011.12.12 17:44:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adsen River\Desktop\OTL.exe
[2011.12.10 21:46:34 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adsen River\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009.09.11 18:22:13 | 000,000,402 | -HS- | M] () -- C:\Users\Adsen River\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011.07.04 09:04:03 | 000,000,008 | RHS- | M] () -- C:\ProgramData\8B8DB1788C.sys
[2009.08.06 12:07:52 | 000,004,536 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log
[2011.07.04 09:04:37 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_EU&apn_uid=5F162E4A-A13D-4F97-A5C4-485D740D5120&apn_ptnrs=PV&apn_sauid=B2586A47-AAB0-4234-9AE9-0C017DC32573&apn_dtid=&q="
[2011.12.11 21:22:30 | 000,002,391 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\askcom.xml
[2011.09.18 20:47:10 | 000,001,565 | ---- | M] () -- C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\web-search.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-2309324154-696892423-2125147387-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:131C0EE9

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_EU&apn_uid=5F162E4A-A13D-4F97-A5C4-485D740D5120&apn_ptnrs=PV&apn_sauid=B2586A47-AAB0-4234-9AE9-0C017DC32573&apn_dtid=&q=" removed from keyword.URL
C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\askcom.xml moved successfully.
C:\Users\Adsen River\AppData\Roaming\Mozilla\Firefox\Profiles\0zpgz8au.default\searchplugins\web-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2309324154-696892423-2125147387-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-2309324154-696892423-2125147387-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ProductReg deleted successfully.
C:\Programme\Acer\WR_PopUp\ProductReg.exe moved successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:E1982A23 deleted successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:3064D21D deleted successfully.
ADS C:\ProgramData\Temp:DCAF903C deleted successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:ADE16379 deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:35759C73 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
ADS C:\ProgramData\Temp:8750DCE4 deleted successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adsen River
->Temp folder emptied: 792459 bytes
->Temporary Internet Files folder emptied: 674285 bytes
->Java cache emptied: 43303558 bytes
->FireFox cache emptied: 73870626 bytes
->Flash cache emptied: 257261 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1013962 bytes
RecycleBin emptied: 76914 bytes

Total Files Cleaned = 114,00 mb


[EMPTYFLASH]

User: Adsen River
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12122011_210125

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Security Check :
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 de..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
 
ESET Online Scanner:

C:\Program Files\Portable\Office 2003 Lite\TOTALCMD.exe probably a variant of Win32/TrojanDropper.Agent.IYMLCNE trojan
C:\Users\Adsen River\Downloads\SoftonicDownloader_fuer_hijackthis.exe Win32/SoftonicDownloader application
 
You must log in or register to reply here.

Similar threads

Shawn Knight
Google fully discontinues cache links in Search
Replies
9
Views
519
Tinderbox
Tinderbox
midian182
Google's AI-powered search can recommend malicious sites, including scams and malware
Replies
6
Views
138
James Ryan
J
A
New study confirms the obvious, search results are only getting worse
2
Replies
25
Views
473
hahahanoobs
hahahanoobs

Latest posts

Back