|
Log-Analyse und Auswertung: Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.10.2010, 07:27 | #1 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Was stimmt hier nicht? Benutze firefox und hatte gestern Abend eine merkwürdige Meldg. (-> http://www.trojaner-board.de/91811-v...-redirect.html) beim Googeln - Sieten mit einem (dubiosen?!) firefox-update öffneten sich. Daraufhin hab i dann doch noch das Virenprog. (MSE) durchlaufen lassen - Ergebnis: alles okay. Habs die Nacht über laufen lassen. Merkwürdig dabei: Der PC hat sich nicht wie sonst in den Ruhezustand versetzt. Er war an als ich aufwachte und längst fertig. Als ich ihn herunterfahren wollte kam eine Meldg. (leicht transparent-schwarzer Bildschirm, darauf ein Fenster; in etwa: Achtung, Achtung..Herunterfahren..noch geöffnete Programme.. -> Strg+C war nicht mögl.), dass der iexplorer(.exe) o.s.ä. nicht funktioniert bzw. nicht 'aus ist'.. Eben hab i den Rechner wieder eingeschalten und 'tadaa' - er läuft. Die Frage ist nur, wie lange er noch läuft und was hier noch so alles läuft während er läuft. Hier also das Logfile von vorhin: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:51:46, on 14.10.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\SysMonitor.exe C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Windows\System32\nvraidservice.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\V0420Mon.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp O4 - HKLM\..\RunOnce: [SpybotDeletingA1335] command.com /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKLM\..\RunOnce: [SpybotDeletingC6230] cmd.exe /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB6009] command.com /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKCU\..\RunOnce: [SpybotDeletingD3639] cmd.exe /c del "C:\Windows\System32\sshnas21.dll_old" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-1272575101-2667807289-1454402517-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Benita') O4 - S-1-5-21-1272575101-2667807289-1454402517-1001 Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Benita') O4 - S-1-5-21-1272575101-2667807289-1454402517-1001 User Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Benita') O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 10045 bytes DANKE VORAB! |
14.10.2010, 08:11 | #2 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi,
__________________bitte keine Post in zwei Foren! Lass sofort MAM laufen und danch CF: Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Antivierenlösung komplett auschalten und zwar so, dass sie sich auch nach einem Reboot NICHT einschaltet! Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris Ps.: für mich: C:\Windows\system32\sshnas21.dll
__________________ |
14.10.2010, 09:11 | #3 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hallo,
__________________sry wg. des 'Doppelposts'. Das andere Thema war nicht zu löschen und da ich nun ein 'aktuelles' Logfile hatte, habe ich es hier gepostet. Hier nun wie folgt die Logfiles von OTL & MAM. CF war mir zu heikel, weil da steht: "Achtung: In einigen wenigen Fällen kann es vorkommen, dass der Rechner nicht mehr booten kann und Neuaufgesetzt werden muss!". Ich wüsste nicht weiter, wenn das passiert. ..ansonsten hab i alles so gemacht, wie es geschrieben steht. OTL OTL.TxtOTL Logfile: Code:
ATTFilter OTL logfile created on: 14.10.2010 09:24:18 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = c:\Users\Admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 144,82 Gb Free Space | 63,21% Space Free | Partition Type: NTFS Drive D: | 228,83 Gb Total Space | 208,86 Gb Free Space | 91,28% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 298,55 Gb Free Space | 64,12% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.) ========== Modules (SafeList) ========== MOD - c:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio) DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (V0420VID) Live! Cam Vista IM (VF0420) -- C:\Windows\System32\drivers\V0420Vid.sys (Creative Technology Ltd.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 E1 71 96 C5 43 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.08 15:23:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.13 19:14:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.13 19:14:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.24 15:21:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.24 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.10.13 11:42:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions [2010.10.11 14:47:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.13 19:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Borland International) O4 - HKCU..\Run: [Metropolis] C:\Windows\System32\sshnas21.DLL File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingA1335] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingC6230] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found O4 - HKCU..\RunOnce: [SpybotDeletingB6009] C:\Windows\System32\COMMAND.COM () O4 - HKCU..\RunOnce: [SpybotDeletingD3639] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.14 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.10.14 09:18:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.14 09:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.14 09:18:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.14 09:18:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.14 01:37:33 | 000,196,608 | ---- | C] (Borland International) -- C:\Windows\Rcecua.exe [2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.10.13 22:32:12 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\Programme\NOS [2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010.10.12 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.10.12 21:43:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AOL [2010.10.12 11:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\eSobi [2010.10.12 11:41:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022 [2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.10.11 23:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.10.11 21:36:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2010.10.10 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView [2010.10.06 16:27:46 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2010.09.29 08:20:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.15 15:28:00 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.01 16:57:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC40E.dll ========== Files - Modified Within 30 Days ========== [2010.10.14 09:20:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.14 09:20:56 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.14 09:20:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.14 09:20:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.14 09:18:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.14 08:48:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.14 08:45:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.14 08:28:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.14 07:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.14 07:46:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.14 07:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.14 07:46:35 | 3220,410,368 | -HS- | M] () -- C:\hiberfil.sys [2010.10.14 02:27:15 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini [2010.10.14 01:37:30 | 000,196,608 | ---- | M] (Borland International) -- C:\Windows\Rcecua.exe [2010.10.13 22:39:54 | 000,001,059 | ---- | M] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk [2010.10.13 22:32:12 | 000,001,878 | ---- | M] () -- C:\Users\Admin\Desktop\HijackThis.lnk [2010.10.13 19:15:00 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.13 19:11:02 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3 [2010.10.13 19:10:55 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2 [2010.10.13 19:10:43 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json [2010.10.13 09:57:44 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.12 21:47:04 | 000,040,737 | ---- | M] () -- C:\Users\Admin\Desktop\Clipboard01.jpg [2010.10.12 20:55:45 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.12 18:10:40 | 001,664,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.12 18:10:35 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Admin.job [2010.10.12 11:37:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.10.11 12:33:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job ========== Files Created - No Company Name ========== [2010.10.14 09:18:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.14 02:27:15 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.14 01:37:42 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.14 01:37:37 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.14 01:37:31 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.13 22:39:54 | 000,001,059 | ---- | C] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk [2010.10.13 22:32:12 | 000,001,878 | ---- | C] () -- C:\Users\Admin\Desktop\HijackThis.lnk [2010.10.13 19:15:00 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.13 19:11:02 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3 [2010.10.13 19:10:55 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2 [2010.10.13 19:10:43 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json [2010.10.13 09:57:44 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.12 21:47:04 | 000,040,737 | ---- | C] () -- C:\Users\Admin\Desktop\Clipboard01.jpg [2010.10.12 20:55:45 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.12 11:37:18 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Admin.job [2010.10.12 11:37:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.08.29 18:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.29 16:56:04 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2010.08.25 13:16:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.25 12:25:18 | 000,001,504 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.08.24 20:55:24 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.24 20:54:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat [2010.08.23 18:30:06 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.08.23 09:51:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2010.08.23 09:51:11 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.03.22 00:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.21 23:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini [2008.03.21 23:05:48 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini [2008.03.21 16:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > -- - -- - -- - -- - -- Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.10.2010 09:24:18 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = c:\Users\Admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 144,82 Gb Free Space | 63,21% Space Free | Partition Type: NTFS Drive D: | 228,83 Gb Total Space | 208,86 Gb Free Space | 91,28% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 298,55 Gb Free Space | 64,12% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A8EA3A1-DB99-4536-891F-6C4DC3623B7C}" = rport=445 | protocol=6 | dir=out | app=system | "{1608BC78-BABA-46C6-949E-DEA2CD9F569A}" = rport=137 | protocol=17 | dir=out | app=system | "{1967FC27-C38D-4ED9-AD55-945E6DB8D5D2}" = lport=2869 | protocol=6 | dir=in | app=system | "{303C60FB-412C-446D-87BB-D2891C92DB7A}" = rport=138 | protocol=17 | dir=out | app=system | "{536500AB-F214-4A92-9D25-949CD1A8D7B2}" = rport=139 | protocol=6 | dir=out | app=system | "{6DC06708-F4FE-4561-AF24-036952FC0F2F}" = lport=138 | protocol=17 | dir=in | app=system | "{9392473C-141B-4D4B-B057-461D14977CEA}" = lport=137 | protocol=17 | dir=in | app=system | "{A4CD4F0E-CAFC-48B7-9AAE-B783FA901B96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AA5F5DE5-C2D4-4E24-9CEE-00150A711A45}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE249E74-9B30-4D6B-97EA-06CD5028BFCE}" = lport=139 | protocol=6 | dir=in | app=system | "{E33298DC-22CE-4F2F-A6AD-A9099AC83B4A}" = lport=445 | protocol=6 | dir=in | app=system | "{FA9DFD88-CB5A-462C-8675-B958C8594DA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A61EEC-423F-4E81-90A7-31005DCC82E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{05674754-C76C-49BF-B922-62E2488CDFAA}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | "{123A0E08-C9BB-4804-92AB-904E5BAEB631}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{13AB3B93-D622-40F5-BB04-F2057D2388CD}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{1B99EF99-611F-4141-BE2C-FAE9EB540E8E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{23C07E87-1EEE-45EC-AED4-19C4CAC30E67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{24AEFC7B-C444-4941-BC39-DAAA2CC9DFCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{28D5960E-B488-490F-B356-FE32012ACAC3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{29E8E4DC-B156-4A3B-8ED5-E0B890F47716}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | "{2DB8E8B6-416F-49B3-9DA3-3FF1723390A7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{2EE9E0B5-1D03-46D0-B454-2D6B650CBC1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | "{3C90456F-07F9-426D-A65F-D2C20F26F442}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{3E2D67AB-FBC8-46D0-98FD-89194B8E4C5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{3F195AE9-BF7E-43C6-9690-E77F3DFABC00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{407B7AEC-7605-41B9-9EEF-DD50C0F0CCD7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{43BAD0D4-223E-49D4-A0BD-18659A9AB5BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{45B26A3E-524F-40B7-B53E-0CD14C695A9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | "{4FB28050-BA4F-4074-BF5D-1D96FE22E0F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{57352C9F-BC16-4570-9C59-40AC0D116D5C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6B45DF9B-DC8F-43E8-949E-B25C2042BE93}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6BCBA53E-447C-41F7-8521-3C739F0812B2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{7D1E0179-E346-4CAB-96C2-C247F924AF64}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{8C70944F-3280-4CCC-B781-0173DED7AC33}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{8FEB3F4E-162D-4FB5-8950-B65A3C56E085}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{92124ED5-43AD-49B5-92D9-0A99421B2DCA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{996ACF84-94F5-4ECD-B76A-888B99685F10}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{9C4B2756-7381-4803-B1DA-42687C106B69}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{A05F63F9-C570-4C0D-95FB-39196FF81D61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{A3863431-FFB7-41D7-A10E-AC193BB372BE}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | "{A579E820-921F-4413-B0D7-0E9602CEE6DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{BCB17394-870F-46D4-BAA3-679591B42429}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | "{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{C0B31EA7-784B-4490-9CB9-9DDB1FD0F17C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C528D3E1-8CE3-478C-95EA-DC62DDA90D66}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | "{C99793BB-DD3E-4A0F-A425-8EA3BAEF8880}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | "{DB6A42BD-0E5C-4738-B41F-5498B9D82F33}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{DC96B31F-5D1B-4D34-954B-65049D1139C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F849F079-AD5A-4456-B9EC-C1D450B99A70}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{FED8A1D4-1E81-4013-A93D-80E472273DA7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "TCP Query User{9C933299-0C22-4CAA-A144-DD25E7F64923}C:\program files\sightspeed\sightspeed.exe" = protocol=6 | dir=in | app=c:\program files\sightspeed\sightspeed.exe | "UDP Query User{14566D9F-8A82-4575-9E65-D5255642D606}C:\program files\sightspeed\sightspeed.exe" = protocol=17 | dir=in | app=c:\program files\sightspeed\sightspeed.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00E139DD-A721-6CAD-BD4C-6FF597FC52BD}" = Catalyst Control Center Graphics Light "{02F1F814-3458-9AE2-B360-6BA8C8DF9049}" = Catalyst Control Center Localization Danish "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{062D3AEE-6E5C-BCE9-4BE4-1190D29EE352}" = CCC Help Thai "{06A4892F-EC84-7384-B401-52F30FC122FE}" = Catalyst Control Center Localization Japanese "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4 "{0CC4C654-6439-52F7-FB58-7A6A720166ED}" = CCC Help Turkish "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{173823FE-9525-76D1-D97B-0FE91E155252}" = Skins "{1A214451-2E9B-D3D3-47C6-A5721559CB4C}" = CCC Help Chinese Standard "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{277D09B9-B42D-2AC2-C924-EDDFCF2107A3}" = Catalyst Control Center Core Implementation "{286062BC-BDD5-9672-C020-136205720097}" = Catalyst Control Center Localization German "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2BA19C43-B671-8CEE-9354-4045F2CA7EB4}" = Catalyst Control Center Graphics Full Existing "{2C1F489E-5720-996D-B4C1-EDC85CE1B65E}" = CCC Help Finnish "{2CF047B3-E199-A69F-6D92-AADFBA7FF661}" = Catalyst Control Center Localization Chinese Traditional "{2DFF2037-F943-84F0-BE0C-64D0CDD77E58}" = Catalyst Control Center Localization French "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{36CCF09A-3ABB-C137-4EFD-07E91590D001}" = Catalyst Control Center Localization Swedish "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{39140291-BEC7-7D17-B3AC-BA327051FA0B}" = ccc-core-static "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3A146779-C87B-332C-EBBC-8579497D68BA}" = Catalyst Control Center Localization Greek "{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580 "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{423C4F57-FABA-53C2-BD7C-2C5A2EFC50B4}" = Catalyst Control Center Localization Spanish "{4254E189-9BDD-3319-C681-F60AF423A509}" = CCC Help Polish "{431643EB-1687-CB60-C9C9-E9E60937E87E}" = Catalyst Control Center Graphics Previews Vista "{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding "{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4BBCED26-53AA-B0F9-753C-B7D7822F5B54}" = CCC Help Norwegian "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F99A59A-FA06-50CE-720F-983F59D14344}" = Catalyst Control Center Localization Thai "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget "{555A4211-DCF8-2A4B-8521-F077D1C72E52}" = Catalyst Control Center Localization Turkish "{61F260E7-05DE-9EBD-C5F0-4D8AF9FC16A3}" = CCC Help Chinese Traditional "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61 "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7C03DBF2-0F03-F9E8-3CBE-B07CB7F59318}" = CCC Help Greek "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{85C89C8C-4FD7-C7E2-97A7-847D947FFDDB}" = Catalyst Control Center Localization Chinese Standard "{864A44F1-6AB7-5016-B275-DC2AC43D09E7}" = Catalyst Control Center Localization Portuguese "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E279E44-FBBF-3C62-899C-E8D021697D52}" = ccc-utility "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96C48A0F-0368-554A-6833-F9B7D264B59F}" = CCC Help Italian "{96C61636-0F21-403C-5348-AAE3C857BD72}" = Catalyst Control Center Graphics Full New "{9AF5B5DE-6161-F211-2052-54BB67F32008}" = Catalyst Control Center Localization Finnish "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B075B92E-C60E-57C2-BDA4-A60E5FF71591}" = CCC Help Dutch "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B420E03C-A7A8-7142-8BF1-D6798B98AC8A}" = CCC Help Korean "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{BE63EA03-29BF-4E9D-73C9-095850F069C8}" = CCC Help Swedish "{BFFDAD41-BAAB-5602-CD1A-EE1171D14D40}" = Catalyst Control Center Localization Hungarian "{C3452F04-DA8E-2119-1925-D0E050A64186}" = ATI Catalyst Install Manager "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C8CF9485-B188-A9B0-FEE3-3F423779F89C}" = Catalyst Control Center Localization Dutch "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CEA453C2-40E0-9B65-A90D-DA8611C29F32}" = CCC Help Hungarian "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D17E2A02-5D61-C6F9-8D78-90FE1112C19A}" = CCC Help Spanish "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{D53BAED6-CF1C-FF87-DE1A-D879D22EF67C}" = Catalyst Control Center Localization Czech "{D5C388EB-9848-80F6-02F4-DBFED2DF02E8}" = CCC Help French "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D7E3DAA3-78CB-A30F-FD58-94ED333AE524}" = CCC Help English "{DE44BDEC-6005-6676-DBA4-FC314F53DD49}" = Catalyst Control Center Localization Norwegian "{E05830A9-573F-8253-C280-921FF1474DA5}" = Catalyst Control Center Localization Russian "{E0D6A886-A34F-7303-C485-91FA655E83D5}" = CCC Help Japanese "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E53B1B0E-C8DA-4105-2C41-210571998AB6}" = Catalyst Control Center Localization Korean "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{E927B65C-A081-8B68-705C-932883697B80}" = Catalyst Control Center Localization Italian "{EF70BC30-AEE6-5C73-DC7C-3C3B9A73D8FE}" = Catalyst Control Center Localization Polish "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F37200BB-2C03-42D9-DBE3-C6240D53DF06}" = CCC Help Portuguese "{F57D72B6-7FBB-3C60-A19D-55C7B8042934}" = CCC Help Russian "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F7FE23D7-980C-6250-6873-4BD1660FE4CB}" = CCC Help Czech "{F90E2693-78D9-7CCB-4617-2383A0A31CD2}" = CCC Help Danish "{F917BAC3-BC13-E3A0-EE98-74D9DA33BAE6}" = CCC Help German "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AVS Media Player_is1" = AVS Media Player 4.1.2.65 "AVS Update Manager_is1" = AVS Update Manager 1.0 "Creative Live! Cam Center" = Creative Live! Cam Center "Creative Live! Cam Manager" = Creative Live! Cam Manager "Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000) "Free Studio_is1" = Free Studio version 4.8 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2 "Shockwave 7.0.3 Player" = Shockwave 7.0.3 Player "Shop for HP Supplies" = Shop for HP Supplies "SysInfo" = Creative-Systeminformationen "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.10.2010 14:44:59 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm AVSMediaPlayer.exe, Version 4.1.2.65 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 124c Anfangszeit: 01cb6639d82c8b30 Zeitpunkt der Beendigung: 9 Error - 07.10.2010 18:08:54 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 08.10.2010 02:11:48 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 08.10.2010 03:38:38 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 08.10.2010 12:26:56 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 08.10.2010 17:07:32 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 09.10.2010 04:01:34 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 09.10.2010 04:46:37 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 09.10.2010 07:06:18 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 09.10.2010 11:46:27 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 08.09.2010 09:34:45 | Computer Name = *** | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 08.09.2010 09:34:54 | Computer Name = *** | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 08.09.2010 10:04:44 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 08.09.2010 10:04:44 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 08.09.2010 10:04:44 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 15:30:59 | Computer Name = *** | Source = DCOM | ID = 10005 Description = Error - 08.09.2010 15:31:00 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 08.09.2010 15:31:00 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 08.09.2010 15:37:49 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 08.09.2010 15:37:49 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = < End of report > MAM Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4818 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18943 14.10.10 10:07 mbam-log-2010-10-14 (10-07-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|) Durchsuchte Objekte: 292329 Laufzeit: 45 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 7 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koo9rv9k4z (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\$RECYCLE.BIN\S-1-5-21-1272575101-2667807289-1454402517-1001\$RDRCGNZ.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\Admin\AppData\Local\Temp\Rze.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Benita\Downloads\firefox-update(3).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Windows\Rcecua.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
14.10.2010, 09:27 | #4 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi, einges wurde von MAM schon beseitigt, zur Sicherheit noch mal mit OTL (und noch ein bisschen mehr ;o): Fix für OTL:
Code:
ATTFilter :OTL DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Borland International) O4 - HKCU..\Run: [Metropolis] C:\Windows\System32\sshnas21.DLL File not found O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found [2010.10.14 08:48:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.14 08:45:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.14 08:28:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.14 01:37:30 | 000,196,608 | ---- | M] (Borland International) -- C:\Windows\Rcecua.exe @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 :reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = dword:0x00 :Commands [emptytemp] [Reboot]
TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... Superantispyware (SASW): http://www.trojaner-board.de/51871-a...tispyware.html chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
14.10.2010, 09:47 | #5 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.10.2010 10:44:34 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = c:\Users\Admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 149,12 Gb Free Space | 65,08% Space Free | Partition Type: NTFS Drive D: | 228,83 Gb Total Space | 208,86 Gb Free Space | 91,28% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 298,55 Gb Free Space | 64,12% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.10.14 09:21:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- c:\Users\Admin\Downloads\OTL.exe PRC - [2010.09.15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe PRC - [2010.09.15 01:02:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.09.15 01:02:28 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\MsMpEng.exe PRC - [2009.09.10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.05.06 15:53:34 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.07 14:01:38 | 000,155,648 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe ========== Modules (SafeList) ========== MOD - [2010.10.14 09:21:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- c:\Users\Admin\Downloads\OTL.exe MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010.09.01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.08.24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2010.09.01 17:06:05 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.05.06 17:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32) DRV - [2008.05.06 17:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008.03.26 20:35:54 | 002,103,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.03.21 15:43:22 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008.03.05 00:38:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk) DRV - [2008.03.05 00:38:44 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2008.03.05 00:38:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2008.02.20 01:52:50 | 003,514,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.12.21 17:51:08 | 007,629,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport) DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport) DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.07.16 11:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007.05.31 03:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.06.13 22:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 E1 71 96 C5 43 CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.08 15:23:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.13 19:14:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.13 19:14:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.24 15:21:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.24 18:50:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.10.13 11:42:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions [2010.10.11 14:47:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\w5cna50m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.13 19:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingA1335] C:\Windows\System32\COMMAND.COM () O4 - HKLM..\RunOnce: [SpybotDeletingC6230] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found O4 - HKCU..\RunOnce: [SpybotDeletingB6009] C:\Windows\System32\COMMAND.COM () O4 - HKCU..\RunOnce: [SpybotDeletingD3639] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.14 10:04:42 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.10.14 09:18:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.10.14 09:18:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.14 09:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.14 09:18:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.14 09:18:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.10.13 22:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.10.13 22:32:12 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\Programme\NOS [2010.10.12 21:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS [2010.10.12 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.10.12 21:43:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AOL [2010.10.12 11:45:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\eSobi [2010.10.12 11:41:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.10.12 11:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022 [2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.10.12 11:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.10.11 23:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.10.11 21:36:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2010.10.10 17:29:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\IrfanView [2010.10.06 16:27:46 | 000,000,000 | ---D | C] -- C:\Programme\Recuva [2010.09.29 08:20:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.15 15:28:00 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.01 16:57:53 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC40E.dll ========== Files - Modified Within 30 Days ========== [2010.10.14 10:28:02 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.14 10:08:19 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\tyauye.sys [2010.10.14 10:04:50 | 000,000,808 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010.10.14 09:46:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.14 09:46:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.14 09:20:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.14 09:20:56 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.14 09:20:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.14 09:20:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.14 09:18:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.14 07:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.14 02:27:15 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini [2010.10.13 22:39:54 | 000,001,059 | ---- | M] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk [2010.10.13 22:32:12 | 000,001,878 | ---- | M] () -- C:\Users\Admin\Desktop\HijackThis.lnk [2010.10.13 19:15:00 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.13 19:11:02 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3 [2010.10.13 19:10:55 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2 [2010.10.13 19:10:43 | 000,005,156 | ---- | M] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json [2010.10.13 09:57:44 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.12 21:47:04 | 000,040,737 | ---- | M] () -- C:\Users\Admin\Desktop\Clipboard01.jpg [2010.10.12 20:55:45 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.12 18:10:40 | 001,664,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.12 18:10:35 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Admin.job [2010.10.12 11:37:14 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.10.11 12:33:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\WebReg HP Photosmart C4500 series.job ========== Files Created - No Company Name ========== [2010.10.14 10:08:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tyauye.sys [2010.10.14 10:04:50 | 000,000,808 | ---- | C] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010.10.14 09:18:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.14 02:27:15 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.14 01:37:42 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.13 22:39:54 | 000,001,059 | ---- | C] () -- C:\Users\Admin\Desktop\Spybot - Search & Destroy.lnk [2010.10.13 22:32:12 | 000,001,878 | ---- | C] () -- C:\Users\Admin\Desktop\HijackThis.lnk [2010.10.13 19:15:00 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.10.13 19:11:02 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_3 [2010.10.13 19:10:55 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13_2 [2010.10.13 19:10:43 | 000,005,156 | ---- | C] () -- C:\Users\Admin\Desktop\bookmarks-2010-10-13.json [2010.10.13 09:57:44 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.12 21:47:04 | 000,040,737 | ---- | C] () -- C:\Users\Admin\Desktop\Clipboard01.jpg [2010.10.12 20:55:45 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.12 11:37:18 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Admin.job [2010.10.12 11:37:14 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.08.29 18:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.29 16:56:04 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2010.08.25 13:16:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.25 12:25:18 | 000,001,504 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.08.24 20:55:24 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.24 20:54:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\wklnhst.dat [2010.08.23 18:30:06 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2010.08.23 09:51:11 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2010.08.23 09:51:11 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.03.22 00:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.21 23:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini [2008.03.21 23:05:48 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini [2008.03.21 16:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Custom Scans ========== < :OTL > < DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found > < DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found > < DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys File not found > < DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys File not found > < DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found > < O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Users\Admin\AppData\Local\Temp\Rzd.exe (Borland International) > < O4 - HKCU..\Run: [Metropolis] C:\Windows\System32\sshnas21.DLL File not found > < O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe -- File not found > < [2010.10.14 08:48:01 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job > < [2010.10.14 08:45:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job > < [2010.10.14 08:28:01 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job > < [2010.10.14 01:37:30 | 000,196,608 | ---- | M] (Borland International) -- C:\Windows\Rcecua.exe > < @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57 > < @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8 > < @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 > < > < :reg > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] > < "DisableMonitoring" = dword:0x00 > < > < > < :Commands > < [emptytemp] > < [Reboot] > ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
14.10.2010, 09:55 | #6 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi, fast richtig. Du musst das was in meinem vorangegangen Post in der codebox steht bei OTL in das große Feld im unteren Drittel reinkopieren und dann den Button "Run Fixes" drücken und das dann generierte Log posten... chris
__________________ --> Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" |
14.10.2010, 16:20 | #7 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hej Chris, ich hab natürlich NiCHT "RunFix" geklickt. Nun also nochmal RiCHTIG (SRY!)..ich hoffe es doch. (Es gab btw nen NEUSTART nach dem "RunFix"-Scan): All processes killed ========== OTL ========== Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found. Service nmwcdnsuc stopped successfully! Service nmwcdnsuc deleted successfully! File C:\Windows\System32\drivers\nmwcdnsuc.sys File not found not found. Service nmwcdnsu stopped successfully! Service nmwcdnsu deleted successfully! File C:\Windows\System32\drivers\nmwcdnsu.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z not found. File C:\Users\Admin\AppData\Local\Temp\Rzd.exe not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd717a34-ae88-11df-a27f-806e6f6e6963}\ not found. File E:\ctrun\start.exe not found. File C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found. File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found. C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully. File C:\Windows\Rcecua.exe not found. ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP1B5B4F1 deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 76543 bytes ->Temporary Internet Files folder emptied: 7637034 bytes ->FireFox cache emptied: 101805838 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 579 bytes User: All Users User: *** ->Temp folder emptied: 1768131 bytes ->Temporary Internet Files folder emptied: 622726 bytes ->FireFox cache emptied: 47254699 bytes ->Flash cache emptied: 2791530 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 212416 bytes ->Temporary Internet Files folder emptied: 21556581 bytes ->Flash cache emptied: 708 bytes User: J*** ->Temp folder emptied: 275254 bytes ->Temporary Internet Files folder emptied: 119818 bytes ->FireFox cache emptied: 40121389 bytes ->Flash cache emptied: 726 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 27686676 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 240,00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10142010_165340 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot. Registry entries deleted on Reboot... Ach ja -> TDSS-Killer: niente! Gut? Ich dank dir jetzt schon ganz doll! Der Rechner ruckelt nimmer!!! |
15.10.2010, 06:50 | #8 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi, da sind noch ein paar Einträge von Spyboot denen wir nachgehen müssen, und ein neuer Treiber der gestern installiert wurde(?)... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\System32\drivers\tyauye.sys C:\Windows\System32\COMMAND.COM C:\Windows\System32\cmd.exe
Die zwei letzten Einträge will Spybot löschen, sind aber reguläre Files... Das erste ist der neue Treiber... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
15.10.2010, 08:44 | #9 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hej Chris, was ihr alles findet! Super!!, dass du mir so hilfst. Bei mir siehts leider nicht so rosig aus. -> Die Dateien lassen sich in den angegebenen Verzeichnissen nicht ausfindig machen. Ueber die Suche komme ich nur zu den Logfiles.. Und direkt ueber die Ordner sind sie auch nicht zu finden. Vista hat gestern 16 Updates vorm Herunterfahren am Abend installiert. Koennten da die Dateien beigewesen sein? ..oder stell ich mich zu dämlich an?! |
15.10.2010, 09:45 | #10 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi, kopiere einfach den Pfad mit in das Eingabefeld bei Virustotal (also z.B. C:\Windows\System32\drivers\tyauye.sys ), dann brauchst Du nicht suchen. Entweder das System findet die Datei, oder es wird nichts hochgeladen (dann ist sie wohl weg)... Interessant ist eigentlich nur die erste Datei... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
15.10.2010, 11:52 | #11 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Einfuegen ist nicht moeglich; nur die Suche 'im' PC. ANALYSIS: "Upload a file" -> 'Klick' im "Eingabefeld" -> Pc: "Datei Hochladen" Eingeben konnte ich den Pfad unter SEARCH: -> "Virustotal_1" Ergebnis: 2 URL/file Kommentare Results I ->User: RyanMM -> Reputation: 3 credits -> Comment date: 2010-09-21 19:07:48 (UTC) #Redbook.sys located in the #system32 / #drivers directory. Detected by TDSSKiller as a #rootkit. From the #TDSSKiller log: 2010/09/21 14:30:43.0484 redbook (43f64dbb7296ce330d300b0ff1dc0cd1) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/21 14:30:43.0484 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 43f64dbb7296ce330d300b0ff1dc0cd1, Fake md5: b31b4588e4086d8d84adbf9845c2402b 2010/09/21 14:30:50.0125 Backup copy found, using it.. 2010/09/21 14:30:50.0125 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot 2010/09/21 14:30:50.0125 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure 2010/09/21 14:30:58.0046 Deinitialize success Removing this file and this file alone restored the system to proper functionality, so I'm calling this malware. Tags: Malware, Redbook, system32, drivers, rootkit, TDSSKiller, patched, lookslike 0b45979623b0ac774a9426c428954e7fb604fae0db187c402af6052906f4099a Results II -> User: BugBopperGuy -> Reputation: 561 credits -> Comment date: 2010-09-13 19:11:18 (UTC) BugBopper identifies this file as Trojan.Bat.Erro More info: hxxp://BugBopper.com/MalwareInfo/MD5/83/83d0a4ef71406fce0fcd1924f70c8600.asp Tags: erro, destoyer, windows 6f064269a7b26cd0dc01886965f00a2f88f50ad4abb1c3b396f728d82693cc4d Beim ersten Beitrag steht, dass TDSS-Killer die Datei als verdaechtige Datei einstuft..Rootkit..?! -> "Removing this file and this file alone restored the system to proper functionality, so I'm calling this malware." - Datei loeschen; und die Datei stellt von selbst die Funktionalitaet des Systems wieder her?!?!?! Daher Maleware.. Ich checks nicht! Beim zweiten Beitrag steht, dass BugBopper die Datei als Trojaner identifizierte. Die Suche nach "tyauye" auf der aufgefuehrten Page (hxxp://BugBopper.com/MalwareInfo/MD5/83/83d0a4ef71406fce0fcd1924f70c8600.asp§) hat zu keinem Ergebnis gefuehrt. Der Name taucht dort nirgends auf. Ich hoffe dass hiervon irgendetwas hilfreich ist! |
15.10.2010, 20:09 | #12 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi, äh, nicht wirklich... Bei virustotal.com auf Datei suchen und in dem sich dann öffnenden Dialog per copy-and-past die Datei mit Pfad reinkopieren und "Öffnen" anklicken. Das Verzeichnis wird gewechselt und die Datei entweder hochgeladen (wenn gefunden) oder es kommt zu einem Fehler... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
15.10.2010, 20:39 | #13 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Er findet sie nicht.. |
15.10.2010, 21:24 | #14 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Hi, zur Sicherheit... OTL:
Code:
ATTFilter :OTL [2010.10.14 10:08:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\tyauye.sys :Commands [purity] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [Reboot]
Was macht der Rechner? chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
16.10.2010, 10:57 | #15 |
| Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" Er ist um einiges langsamer als ich und im Übrigen erst 2 Jahre 'alt'. Hier das OTL-Fix-Log: All processes killed ========== OTL ========== File C:\Windows\System32\drivers\tyauye.sys not found. ========== COMMANDS ========== [EMPTYTEMP] User: Admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: *** ->Temp folder emptied: 72160 bytes ->Temporary Internet Files folder emptied: 7024716 bytes ->FireFox cache emptied: 46699146 bytes ->Flash cache emptied: 1976 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 63070 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 20995186 bytes ->Flash cache emptied: 653 bytes User: *** ->Temp folder emptied: 41450 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 35165946 bytes ->Flash cache emptied: 456 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 64405 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 105,00 mb [EMPTYFLASH] User: Admin ->Flash cache emptied: 0 bytes User: All Users User: *** ->Flash cache emptied: 0 bytes User: Default User: Default User User: Gast ->Flash cache emptied: 0 bytes User: *** ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10162010_102953 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot. Registry entries deleted on Reboot... Ein schickes Wochenende wünsch ich DiR! |
Themen zu Lahm, lahmer, mein PC -> stocken, ruckeln, aufhängen. "http://setupfirefox.co.cc/#redirect/" |
adobe, bho, bildschirm, c:\windows\system32\rundll32.exe, defender, download, firefox, firefox update iexplorer iexplorer.exe, frage, herunterfahren, hijack, hijackthis, icq, internet, internet explorer, local\temp, logfile, microsoft, microsoft security, microsoft security essentials, pdf, popup, rundll, safer networking, senden, software, stocken, system, temp, vista, windows, wmp |