Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DNS Hijack - Need Assistance


  • This topic is locked This topic is locked
2 replies to this topic

#1 Smexy

Smexy

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:22 AM

Posted 24 May 2011 - 07:31 AM

Hello dear forum. I know I am new and all but I would really appreciate some help. I am a bit desperate.

Here is my issue:
For a week now, my browsers have gone mad. At first I thought google chrome got messed up and I uninstalled it but then Firefox reproduced the same error. All of them redirect me to different sites like "goonearth" or "palmreader" or "ask.com" when clicking Google search results. But not always, only like 5 times out of 10.
Now ,I got interested about this and found out about DNS Hijacking. I am pretty positive that is what I have. After reading some posts around this forum, I tried literally everything.

What I did :
- I have Malwarebytes Anti Malware Pro with the latest update so I did a complete scan of the entire computer (for 4 hours) and NOTHING. No infections detected.
- Used the latest version of TDSSKiller and it also did not recieve any results of an infection.
- Went to my Internet settings and set it to obtain IP and DNS automatically. In fact, it was already set to that by default.
- Completely scanned my computer with Avira Antivirus with the latest update and it also did not indicate a possible infection.
- Restarted my Computer
- Restarted my Router
- Flushed my dns

So If I cannot find the infection, how am I to remove it? Please help :(

Here are some relatively usefull logs.

RSIT info log:
info.txt logfile of random's system information tool 1.08 2011-05-24 14:23:58

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
-->C:\ProgramData\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}\dejpeg4_setup_ext.exe
-->C:\ProgramData\{E700EA29-049A-42E5-B85D-D2A74571B520}\infocus_setup_ext.exe
-->MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe After Effects CS5 Third Party Content-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}"
Adobe After Effects CS5 Third Party Royalty Content-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}"
Adobe After Effects CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}"
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader 9.4.4 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
Akamai NetSession Interface-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe
Amnesia - The Dark Descent -->"C:\Program Files (x86)\Amnesia - The Dark Descent\unins000.exe"
Apophysis 2.0-->"C:\Program Files (x86)\Apophysis 2.0\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{853A4763-6643-4604-8D64-28BDD8925F4C}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Bandisoft MPEG-1 Decoder-->"C:\Program Files (x86)\BandiMPEG1\uninstall.exe"
Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Counter-Strike 1.6-->C:\Program Files (x86)\Counter-Strike 1.6\Uninstal.exe
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUninstall.exe
Easy GIF Animator 5.02-->"C:\Program Files (x86)\Easy GIF Animator\unins000.exe"
EVEREST Home Edition v2.20-->"C:\Program Files (x86)\Lavalys\EVEREST Home Edition\unins000.exe"
Fable III-->MsiExec.exe /I{4D53090A-9B45-437B-A66A-831000008300}
Fable III-->MsiExec.exe /I{4D53090A-CE35-42BD-B377-831000018301}
Fable III-->MsiExec.exe /X{4D53090A-9B45-437B-A66A-831000008300}
Fallout New Vegas-->"C:\Program Files (x86)\Bethesda Softworks\Fallout New Vegas\unins000.exe"
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files (x86)\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
Fiesta Online(EU_English) 1.03.005-->C:\Program Files (x86)\Gamigo Games\Fiesta Online(EU_English)\uninst.exe
FileZilla Client 3.4.0-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
FontLab Studio 5-->"C:\Program Files (x86)\FontLab\Studio5\Uninstall.exe" "C:\Program Files (x86)\FontLab\Studio5\install.log"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Audio CD Burner version 1.4.7-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.9.35.324-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->c:\Windows\SysWOW64\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->c:\Windows\SysWOW64\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->c:\Windows\SysWOW64\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->c:\Windows\SysWOW64\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->c:\Windows\SysWOW64\msiexec.exe /package {4ECF4BDC-8387-329A-ABE9-CF5798F84BB2} /uninstall /qb+ REBOOTPROMPT=""
Hotspot Shield 2.03-->C:\Program Files (x86)\Hotspot Shield\Uninstall.exe
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0407 -removeonly uninst
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9 -removeonly
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0148-->MsiExec.exe /X{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}
HP Wireless Assistant-->MsiExec.exe /X{4E432692-A736-4F77-AF77-F9078CF88D31}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HyperCam 2-->"C:\Program Files (x86)\HyCam2\UnHyCam2.exe"
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
K-Lite Codec Pack 5.7.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
LOST PLANET 2-->MsiExec.exe /X{737369DC-08E8-4787-A78C-F86943247BDF}
Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! 5-->"C:\Program Files (x86)\Yuna Software\Messenger Plus!\Uninstall.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Halo-->"C:\Program Files (x86)\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Report Viewer Redistributable 2008 SP1-->c:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2008 (KB971119)\install.exe
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 R2 Policies-->MsiExec.exe /I{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}
Microsoft SQL Server Browser-->MsiExec.exe /X{BF9BF038-FE03-429D-9B26-2FA0FD756052}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU-->MsiExec.exe /I{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTS.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mount&Blade Warband-->C:\Program Files (x86)\Mount&Blade Warband\uninstall.exe
Mozilla Firefox 4.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MP4 To MP3 Converter V3.0.3-->"c:\MP4ToMP3Converter\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
muvee Reveal-->MsiExec.exe /X{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}
Need for Speed™ Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files (x86)\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
NifSkope (remove only)-->C:\Program Files (x86)\NifTools\NifSkope\uninstall.exe
Norton Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
NVIDIA PhysX-->MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
ObjectDock Plus 2-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe REMOVE=TRUE MODIFY=FALSE
Opera 11.10-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
osu!-->MsiExec.exe /X{C3592426-531E-4110-911D-BFECE2CE284C}
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
PCSX2 - Playstation 2 Emulator-->C:\Program Files (x86)\PCSX2 0.9.7\Uninst-pcsx2-r3878.exe
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Perfectly Clear Plugin 1.0.3-->C:\Program Files (x86)\Athentech\Perfectly Clear Plug-in\uninst.exe
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
Proxifier version 2.7-->"C:\Program Files (x86)\Proxifier\unins000.exe"
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RAR Password Cracker 4.12-->C:\Program Files (x86)\RAR Password Cracker\uninstall.exe
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
S4 League_EU-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8177DA7B-C8D2-497F-8958-ABBBD5891269}\setup.exe" -l0x9
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
SmartSound Quicktracks Plugin-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SPORE™-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Stardock Software-->C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
Taksi Desktop Video Recorder-->MsiExec.exe /I{EBB05CE8-52DF-4B7C-BDF4-ECC6BB0C3BB1}
TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe
Terra Online-->MsiExec.exe /I{39FF503A-EA2B-441C-A1AE-44318F88BB66}
The Last Remnant-->"C:\Program Files (x86)\The Last Remnant\Uninstall\unins000.exe"
Topaz InFocus-->"C:\ProgramData\{6C47B826-5902-49BB-BF6B-68F5716FD827}\infocus_setup.exe" REMOVE=TRUE MODIFY=FALSE
Topaz InFocus-->C:\ProgramData\{6C47B826-5902-49BB-BF6B-68F5716FD827}\infocus_setup.exe
Topaz Adjust 4-->MsiExec.exe /I{0777E8B0-0BC4-4802-A6AA-0992716C78FD}
Topaz Clean 3-->MsiExec.exe /I{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}
Topaz DeJpeg 4 (64-bit)-->"C:\ProgramData\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}\dejpeg4_setup_ext.exe" REMOVE=TRUE MODIFY=FALSE
Topaz DeJpeg 4-->"C:\ProgramData\{E6AF2639-F710-4F5B-8830-95A396FB523F}\dejpeg4_setup.exe" REMOVE=TRUE MODIFY=FALSE
Topaz DeJpeg 4-->C:\ProgramData\{E6AF2639-F710-4F5B-8830-95A396FB523F}\dejpeg4_setup.exe
Topaz DeNoise 5-->MsiExec.exe /I{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}
Topaz InFocus (64-bit)-->"C:\ProgramData\{E700EA29-049A-42E5-B85D-D2A74571B520}\infocus_setup_ext.exe" REMOVE=TRUE MODIFY=FALSE
Topaz Moment PE-->MsiExec.exe /I{22F1A5D0-A4E2-4DEE-88FB-7752B1244FFB}
Torchlight-->C:\Program Files (x86)\Runic Games\Torchlight\uninstall.exe
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Vegas Pro 9.0-->MsiExec.exe /X{DC785DB7-D389-48C3-B146-96FE99BF4E2B}
Vindictus-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33562635 -locale:US
VLC media player 1.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warsow 0.6-->"C:\Program Files (x86)\Warsow 0.6\unins000.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{CAFA57E8-8927-4912-AFCF-B0AA3837E989}
Windows Live Fotogalerie-->MsiExec.exe /X{850C7BD3-9F3F-46AD-9396-E7985B38C55E}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{AED2DD42-9853-407E-A6BC-8A1D6B715909}
Windows Live Movie Maker-->MsiExec.exe /X{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}
Windows Live Sync-->MsiExec.exe /X{586509F0-350D-48B5-B763-9CC2F8D96C4C}
Windows Live Toolbar-->MsiExec.exe /X{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}
Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
Worms Reloaded-->"C:\Program Files (x86)\Team17\Worms Reloaded\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Yu-Gi-Oh! ONLINE 3-->MsiExec.exe /X{22439E2F-1CF7-4F8B-992A-3AA3C0553929}

======System event log======

Computer Name: rock91-PC
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".
Record Number: 291701
Source Name: Service Control Manager
Time Written: 20101101160557.102226-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Ausgeführt".
Record Number: 291700
Source Name: Service Control Manager
Time Written: 20101101160551.071881-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".
Record Number: 291699
Source Name: Service Control Manager
Time Written: 20101101160549.098768-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Ausgeführt".
Record Number: 291698
Source Name: Service Control Manager
Time Written: 20101101160543.078424-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 7036
Message: Dienst "Computerbrowser" befindet sich jetzt im Status "Beendet".
Record Number: 291697
Source Name: Service Control Manager
Time Written: 20101101160538.053136-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: rock91-PC
Event Code: 0
Message: Requires:C:\Program Files (x86)\Hewlett-Packard\HP Setup
Record Number: 1141
Source Name: HP Total Care Setup Updater
Time Written: 20100421141624.000000-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 0
Message: Expanded Env:CORESYSTEMPATH
Record Number: 1140
Source Name: HP Total Care Setup Updater
Time Written: 20100421141624.000000-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 0
Message: Current:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1139
Source Name: HP Total Care Setup Updater
Time Written: 20100421141624.000000-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 0
Message: Requires:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1138
Source Name: HP Total Care Setup Updater
Time Written: 20100421141624.000000-000
Event Type: Informationen
User:

Computer Name: rock91-PC
Event Code: 0
Message: Expanded Env:COREALLUSERPATH
Record Number: 1137
Source Name: HP Total Care Setup Updater
Time Written: 20100421141624.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: rock91-PC
Event Code: 4905
Message: Es wurde versucht, die Registrierung einer Sicherheitsereignisquelle aufzuheben.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ROCK91-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Prozess:
Prozess-ID: 0x9e0
Prozessname: C:\Windows\System32\VSSVC.exe

Ereignisquelle:
Quellenname: VSSAudit
Ereignisquellen-ID: 0xbacd2
Record Number: 5238
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615103144.899499-000
Event Type: Überwachung erfolgreich
User:

Computer Name: rock91-PC
Event Code: 4904
Message: Es wurde versucht, eine Sicherheitsereignisquelle zu registrieren.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ROCK91-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Prozess:
Prozess-ID: 0x9e0
Prozessname: C:\Windows\System32\VSSVC.exe

Ereignisquelle:
Quellenname: VSSAudit
Ereignisquellen-ID: 0xbacd2
Record Number: 5237
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615103144.899499-000
Event Type: Überwachung erfolgreich
User:

Computer Name: rock91-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5236
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615103104.388181-000
Event Type: Überwachung erfolgreich
User:

Computer Name: rock91-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ROCK91-PC$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x238
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 5235
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615103104.388181-000
Event Type: Überwachung erfolgreich
User:

Computer Name: rock91-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5234
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100615103103.638139-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=C:\Perl64\site\bin;C:\Perl64\bin;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files (x86)\Common Files\Autodesk Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Presario
"Platform"=MCD
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=170a
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"asl.log"=Destination=file
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


RSIT log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by rock91 at 2011-05-24 14:23:39
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 32 GB (11%) free of 292 GB
Total RAM: 4063 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:23:41 PM, on 5/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\MAXON\CINEMA 4D R12\resource\libs\win32\qtguiagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\rock91\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\rock91.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/?ocid=mp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\rock91\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://www.banaterra.eu/romana/webcam/MxPEG_ActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13681 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Dgne.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForrock91.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll [2011-04-15 232696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2010-04-16 1067872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"=C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2009-09-02 60464]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-04 281768]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2010-03-23 500792]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2010-02-25 323640]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2011-03-29 399736]
"AdobeBridge"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe [2011-03-23 235168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2009-11-09 52272]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\notepad.exe %1

======List of files/folders created in the last 1 months======

2011-05-24 14:23:39 ----D---- C:\rsit
2011-05-24 13:40:50 ----A---- C:\TDSSKiller.2.5.2.0_24.05.2011_13.40.50_log.txt
2011-05-24 13:39:55 ----A---- C:\TDSSKiller.2.5.1.0_24.05.2011_13.39.55_log.txt
2011-05-24 10:24:41 ----A---- C:\TDSSKiller.2.5.1.0_24.05.2011_10.24.41_log.txt
2011-05-24 09:55:10 ----D---- C:\Program Files (x86)\Trend Micro
2011-05-24 09:38:15 ----A---- C:\TDSSKiller.2.5.1.0_24.05.2011_09.38.15_log.txt
2011-05-24 09:34:47 ----A---- C:\TDSSKiller.2.5.1.0_24.05.2011_09.34.47_log.txt
2011-05-24 08:17:12 ----D---- C:\ProgramData\hssff
2011-05-23 10:44:41 ----D---- C:\Users\rock91\AppData\Roaming\Lionhead Studios
2011-05-17 17:37:23 ----HDC---- C:\ProgramData\{E25B3CC7-9347-4C9D-9339-1E15F9DA7A07}
2011-05-17 17:36:58 ----HDC---- C:\ProgramData\{E6AF2639-F710-4F5B-8830-95A396FB523F}
2011-05-16 16:08:37 ----D---- C:\Users\rock91\AppData\Roaming\ActiveState
2011-05-16 16:05:52 ----D---- C:\Users\rock91\AppData\Roaming\Topaz Moment
2011-05-16 15:42:37 ----D---- C:\Perl64
2011-05-16 15:32:46 ----HDC---- C:\ProgramData\{E700EA29-049A-42E5-B85D-D2A74571B520}
2011-05-16 15:32:22 ----HDC---- C:\ProgramData\{6C47B826-5902-49BB-BF6B-68F5716FD827}
2011-05-16 15:31:04 ----D---- C:\Users\rock91\AppData\Roaming\Opera
2011-05-16 15:30:57 ----D---- C:\Program Files (x86)\Opera
2011-05-16 14:45:26 ----D---- C:\Program Files (x86)\Topaz Labs LLC
2011-05-13 04:27:09 ----D---- C:\Users\rock91\AppData\Roaming\.minecraft
2011-05-13 02:37:42 ----D---- C:\Users\rock91\AppData\Roaming\Stardock
2011-05-13 02:36:39 ----HDC---- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-05-13 02:36:37 ----D---- C:\ProgramData\Stardock
2011-05-13 02:36:37 ----D---- C:\Program Files (x86)\Common Files\Stardock
2011-05-13 02:36:21 ----D---- C:\Program Files (x86)\Stardock
2011-05-12 08:05:18 ----D---- C:\ProgramData\Skype Extras
2011-05-12 07:18:17 ----D---- C:\Program Files (x86)\Common Files\Skype
2011-05-12 06:20:09 ----A---- C:\Windows\SysWOW64\poqexec.exe
2011-05-11 13:49:21 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-05-11 13:49:20 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-05-11 03:10:20 ----D---- C:\Users\rock91\AppData\Roaming\Malwarebytes
2011-05-11 03:08:18 ----D---- C:\ProgramData\Malwarebytes
2011-05-11 03:08:18 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-05-11 03:08:14 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-10 23:33:16 ----D---- C:\Hotspot Shield
2011-05-10 23:33:07 ----D---- C:\Program Files (x86)\Hotspot Shield
2011-05-07 17:20:09 ----D---- C:\Users\rock91\AppData\Roaming\Yahoo!
2011-05-04 23:10:46 ----D---- C:\Users\rock91\AppData\Roaming\Mount&Blade With Fire and Sword
2011-05-04 16:20:44 ----D---- C:\Program Files (x86)\Mount&Blade With Fire and Sword
2011-05-04 14:19:49 ----D---- C:\Users\rock91\AppData\Roaming\Mount&Blade Warband
2011-05-04 14:00:29 ----D---- C:\Program Files (x86)\Mount&Blade Warband
2011-05-03 01:37:30 ----D---- C:\Program Files (x86)\Common Files\FontLab
2011-05-03 01:37:28 ----D---- C:\Program Files (x86)\FontLab
2011-04-30 01:57:29 ----D---- C:\ProgramData\Windows Genuine Advantage
2011-04-27 10:46:17 ----A---- C:\Windows\explorer.exe
2011-04-27 10:46:16 ----A---- C:\Windows\SysWOW64\explorer.exe
2011-04-27 10:45:57 ----A---- C:\Windows\SysWOW64\fsutil.exe
2011-04-27 10:45:57 ----A---- C:\Windows\SysWOW64\esent.dll
2011-04-27 10:45:37 ----A---- C:\Windows\SysWOW64\XpsPrint.dll
2011-04-27 10:45:36 ----A---- C:\Windows\SysWOW64\prevhost.exe
2011-04-25 16:36:38 ----D---- C:\Program Files (x86)\Ultra Fractal 5
2011-04-25 06:11:57 ----D---- C:\Program Files (x86)\Texture Maker

======List of files/folders modified in the last 1 months======

2011-05-24 14:23:41 ----D---- C:\Windows\Prefetch
2011-05-24 14:00:10 ----SHD---- C:\Windows\Installer
2011-05-24 14:00:10 ----SHD---- C:\Config.Msi
2011-05-24 13:58:14 ----D---- C:\Windows\SysWOW64
2011-05-24 13:57:13 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2011-05-24 13:56:50 ----D---- C:\Program Files (x86)
2011-05-24 13:54:45 ----D---- C:\Windows\Temp
2011-05-24 13:54:45 ----AD---- C:\Windows
2011-05-24 13:39:49 ----D---- C:\Users\rock91\AppData\Roaming\vlc
2011-05-24 11:31:40 ----D---- C:\Windows\System32
2011-05-24 11:31:38 ----D---- C:\Windows\inf
2011-05-24 10:28:19 ----D---- C:\Users\rock91\AppData\Roaming\Skype
2011-05-24 10:12:48 ----D---- C:\Users\rock91\AppData\Roaming\Xfire
2011-05-24 08:57:02 ----D---- C:\Users\rock91\AppData\Roaming\Winamp
2011-05-24 08:46:21 ----D---- C:\Program Files (x86)\CCleaner
2011-05-24 08:44:30 ----D---- C:\Users\rock91\AppData\Roaming\uTorrent
2011-05-24 08:27:02 ----D---- C:\Windows\Tasks
2011-05-24 08:22:31 ----D---- C:\Users\rock91\AppData\Roaming\skypePM
2011-05-24 08:17:12 ----HD---- C:\ProgramData
2011-05-24 08:14:36 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-05-24 01:29:09 ----SHD---- C:\System Volume Information
2011-05-23 19:59:28 ----A---- C:\ProgramData\HPWALog.txt
2011-05-23 19:17:22 ----D---- C:\ProgramData\Xfire
2011-05-23 09:51:16 ----D---- C:\Program Files (x86)\Microsoft Games
2011-05-23 09:50:12 ----SD---- C:\ProgramData\Microsoft
2011-05-22 16:35:33 ----D---- C:\ProgramData\boost_interprocess_rock91
2011-05-18 07:55:34 ----D---- C:\Program Files (x86)\Common Files\Akamai
2011-05-17 17:39:33 ----D---- C:\Nexon
2011-05-17 17:36:56 ----D---- C:\Program Files (x86)\Common Files\Topaz Labs
2011-05-17 17:36:55 ----D---- C:\Program Files (x86)\Topaz Labs
2011-05-16 17:17:38 ----D---- C:\ProgramData\NexonUS
2011-05-16 05:18:11 ----D---- C:\ProgramData\boost_interprocess
2011-05-15 00:20:33 ----D---- C:\Users\rock91\AppData\Roaming\FileZilla
2011-05-13 04:47:15 ----D---- C:\Windows\Minidump
2011-05-13 04:47:15 ----D---- C:\Windows\debug
2011-05-13 03:35:22 ----SD---- C:\Users\rock91\AppData\Roaming\Microsoft
2011-05-13 02:38:30 ----RSD---- C:\Windows\assembly
2011-05-13 02:36:37 ----D---- C:\Program Files (x86)\Common Files
2011-05-12 07:18:47 ----RD---- C:\Program Files (x86)\Skype
2011-05-12 07:18:15 ----D---- C:\ProgramData\Skype
2011-05-12 06:17:04 ----D---- C:\Windows\winsxs
2011-05-12 03:04:05 ----D---- C:\ProgramData\Microsoft Help
2011-05-11 03:08:18 ----D---- C:\Windows\SysWOW64\drivers
2011-05-11 02:55:57 ----D---- C:\Program Files (x86)\Spyware Doctor
2011-05-11 02:52:24 ----AD---- C:\ProgramData\Temp
2011-05-08 01:27:35 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2011-05-08 01:26:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-05-07 05:16:36 ----D---- C:\Program Files (x86)\Yahoo!
2011-05-05 18:23:44 ----D---- C:\ProgramData\Yahoo!
2011-05-05 18:07:49 ----D---- C:\Users\rock91\AppData\Roaming\InstallShield Installation Information
2011-05-05 18:05:04 ----D---- C:\Program Files (x86)\Koei
2011-05-02 14:02:53 ----D---- C:\Program Files (x86)\JDownloader
2011-05-01 09:02:59 ----D---- C:\Windows\rescache
2011-04-30 02:43:43 ----D---- C:\Windows\SysWOW64\de-DE
2011-04-30 02:03:13 ----D---- C:\Windows\AppPatch
2011-04-30 02:01:38 ----D---- C:\Windows\SoftwareDistribution
2011-04-29 12:42:55 ----RSD---- C:\Windows\Fonts
2011-04-29 08:22:27 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2011-04-29 07:56:21 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 SCDEmu;SCDEmu; C:\Windows\SysWOW64\drivers\SCDEmu.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver; C:\Windows\system32\DRIVERS\wg111v3.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\Gpotato\Flyff\GameGuard\dump_wmimmc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 KIKIDRIVER;KIKIDRIVER; \??\C:\Users\rock91\Desktop\Kiki Engine 1.41\kiki.sys []
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S3 X6va001;X6va001; \??\C:\Users\rock91\AppData\Local\Temp\001505F.tmp []
S3 X6va003;X6va003; \??\C:\Users\rock91\AppData\Local\Temp\00325DC.tmp []
S4 RsFx0150;RsFx0150 Driver; C:\Windows\system32\DRIVERS\RsFx0150.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 astcc;AST Service; C:\Windows\system32\astsrv.exe [2009-03-25 57344]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-11-15 126520]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-04-15 289096]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe [2011-04-15 352304]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2011-04-15 328952]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 MSSQL$SQUIRTONLINE;SQL Server (SQUIRTONLINE); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\nlssrv32.exe [2010-03-25 57344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-10-14 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 146272]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-10-14 751672]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Serviciul Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-08 136176]
S3 gupdatem;Google Update-Dienst (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-08 136176]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2011-04-15 63976]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-05-03 3658096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
S4 SQLAgent$SQUIRTONLINE;SQL Server Agent (SQUIRTONLINE); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
S4 SQLBrowser;SQL Server Browser; c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]

-----------------EOF-----------------


HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:29:39 PM, on 5/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\MAXON\CINEMA 4D R12\resource\libs\win32\qtguiagent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com/?ocid=mp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\rock91\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {304171C0-65EA-4B51-B5D9-93A311E26EB1} (MxPEG_ActiveX Control) - http://www.banaterra.eu/romana/webcam/MxPEG_ActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13662 bytes

Edited by Orange Blossom, 27 May 2011 - 06:38 PM.
Removed spoiler coding for ease of reading. ~ OB


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:03:22 PM

Posted 01 June 2011 - 07:11 AM

Hi Smexy, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    dir /a:h c:\windows\syswow64\* /c
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:03:22 PM

Posted 14 June 2011 - 01:37 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users