|
Log-Analyse und Auswertung: Nur noch Verknüpfungen auf USB-Stick/CF-KartenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.11.2011, 16:24 | #1 |
| Nur noch Verknüpfungen auf USB-Stick/CF-Karten Hallo! Vor 1 bis 2 Wochen habe ich mir scheinbar einen Virus zugezogen. Die genaue Herkunft ist mir noch nicht ganz klar, aber es könnte über Facebook gekommen sein, da meine Freundin einen solchen Bildlink zugeschickt bekommen hat und auch versucht zu öffnen (auf meinem Laptop)! Aber bis der Fehler auf meinem USB-Stick auftrat, verging noch Zeit. Deshalb weiß ich nicht, ob es daher kommt. Ende letzter Woche ist mein Laptop (Windows Vista) nun ganz abgestürtzt und ich habe im abgesicherten Modus nur noch meine Daten retten können auf eine Externe Platte. Diesen habe ich inzwischen schon wieder neu installiert. Zurück zum USB-Stick: Wie schon in einigen Foren hier beschrieben, sind halt mit einmal nur noch Verknüpfungen drauf. Den Stick habe ich nun auch formatiert, das selbe ging mir auch mit meinem CF-Karten der Kamera. Nachdem ich nun die Karten, USB-Stick und den Laptiop neu formatiert habe und der Fehler wieder auftrat, wurde ich stutzig und habe mich hier im Forum darüber belesen. Deswegen habe ich auch jetzt über mein Laptop Malwarebytes, ESET und OTL laufen lassen. Log-Dateien folgen! Angesteckt waren auch meine externe Platte und mein USB-Stick bei den Scanns! Malewarebytes und ESET habe ich auch auf dem Laptop meiner Freundin durchlaufen lassen, weil ich mir nicht mehr sicher war, ob ich den Stick dort auch dran hatte. Sie hatte eventuell dort auch die Facebook-Datei aus dem Internet geöffnet! Hierzu zuerst die Log-Dateien. Ich hoffe ihr könnt mir helfen! Ich bin auf meinen Laptop beruflich angewiesen, ebenso auch auf meinen großen Rechner, den ich bis jetzt noch nicht gescannt habe, was ich aber noch machen werde, der dann hier ebenfalls noch hinzukommt, aber wie geschrieben erstmal der von meiner Freundin! So wie ich es mitbekommen habe hilft keine Formatierung, um den Virus zu besiegen, oder lieg ich falsch? Gibt es noch andere Quellen außer Facebook, wo er herkommen kann? Danke für eure Bemühungen! Mit freundlichen Grüßen Fiz Log-Datei vom Laptop Freundin: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8183 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 17.11.2011 19:32:56 mbam-log-2011-11-17 (19-32-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 281212 Laufzeit: 1 Stunde(n), 3 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ----------------- ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=c9c722028acafd438f6791c07b56db14 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-11-19 04:12:58 # local_time=2011-11-19 05:12:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 13430 58247408 68383 0 # compatibility_mode=5893 16776573 100 94 75262 73340709 0 0 # compatibility_mode=8192 67108863 100 0 4271 4271 0 0 # scanned=124043 # found=0 # cleaned=0 # scan_time=8320 _______________________________________________________________ |
23.11.2011, 16:26 | #2 |
| Nur noch Verknüpfungen auf USB-Stick/CF-Karten _______________________________________________________________
__________________Log-Dateien meines Laptops: (Wie empfohlen pc-name in *** umgeschrieben) Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 8187 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 18.11.2011 12:04:24 mbam-log-2011-11-18 (12-04-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 227064 Laufzeit: 34 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 5 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 7 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 1 Infizierte Dateien: 19 Infizierte Speicherprozesse: c:\Users\***\AppData\Roaming\240E9\00000.exe (Trojan.Dropper) -> 3932 -> Unloaded process successfully. c:\Users\***\AppData\Roaming\E99D1\lvvm.exe (Trojan.Dropper) -> 1416 -> Unloaded process successfully. c:\Users\***\AppData\Roaming\microsoft\0002\000.exe (Trojan.Dropper) -> 3020 -> Unloaded process successfully. c:\Users\***\50-8270-5705-5150\winsvc.exe (Backdoor.IRCBot) -> 3396 -> Unloaded process successfully. c:\Users\***\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3836 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\000.exe (Trojan.Dropper) -> Value: 000.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Update (Backdoor.IRCBot) -> Value: Microsoft Windows Update -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\D72.exe (Trojan.Dropper) -> Value: D72.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\D72.exe (Trojan.Dropper) -> Value: D72.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Dropper) -> Bad: (C:\Users\***\AppData\Roaming\E99D1\lvvm.exe) Good: () -> Quarantined and deleted successfully. Infizierte Verzeichnisse: c:\Users\***\m-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\***\AppData\Roaming\240E9\00000.exe (Trojan.Dropper) -> Delete on reboot. c:\Users\***\AppData\Roaming\E99D1\lvvm.exe (Trojan.Dropper) -> Delete on reboot. c:\Users\***\AppData\Roaming\microsoft\0002\000.exe (Trojan.Dropper) -> Delete on reboot. c:\Users\***\50-8270-5705-5150\winsvc.exe (Backdoor.IRCBot) -> Delete on reboot. c:\program files\LP\2112\D72.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Roaming\microsoft\2112\D72.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\1120977.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\2256149.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\3469657.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\8530889.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\9365923.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Local\Temp\9869041.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully. c:\Users\***\AppData\Roaming\iexplore.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Roaming\240E9\E9B21.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Roaming\microsoft\2112\4D17.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Users\***\AppData\Roaming\microsoft\2112\8D04.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. d:\sicherung\programme_ralf\activate_xp_vista\Vista.exe (Worm.VB) -> Quarantined and deleted successfully. d:\sicherung\programme_ralf\za_ror_double_trouble\ZWT\Keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully. c:\Users\***\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully. ------------------------------------------------------- ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=cf774c1a0fd8a748857c3de5194eee27 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-19 04:28:09 # local_time=2011-11-19 05:28:09 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1797 16774141 100 94 184630 80799250 0 0 # compatibility_mode=5892 16776638 66 95 115020344 159242485 0 0 # compatibility_mode=8192 67108863 100 0 4629 4629 0 0 # scanned=253189 # found=15 # cleaned=0 # scan_time=10333 D:\Sicherung\Musik-Video-Programme\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I D:\Sicherung\Programme_Ralf\RegistryBooster20104.6.3.0.rar Variante von Win32/RegistryBooster Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_20_01 - Laptop\Benutzer\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\556445eb-3d8d10ac Java/TrojanDownloader.Agent.NBL Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_20_01 - Laptop\Benutzer\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-51ef1a57 Java/TrojanDownloader.Agent.NBK Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_20_01 - Laptop\Laufwerk D\Sicherung\Musik-Video-Programme\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_20_01 - Laptop\Laufwerk D\Sicherung\Programme_Ralf\RegistryBooster20104.6.3.0.rar Variante von Win32/RegistryBooster Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13\53b3d6cd-6313d019 Mehrere Bedrohungen (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24\6bc5ba98-5f97644e Java/TrojanDownloader.Agent.NCH Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33\30feb821-5379d1bf Mehrere Bedrohungen (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52\31bba1f4-66f5f511 möglicherweise Variante von Win32/Agent.DYXWUMY Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59\268abc7b-7fcbaa94 Mehrere Bedrohungen (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60\7d998d3c-4ecd27a8 Java/TrojanDownloader.OpenStream.NBL Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I H:\2011_08_30 - PC\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9\58413909-762dde06 Mehrere Bedrohungen (Säubern nicht möglich) 00000000000000000000000000000000 I H:\Daten-Sicherung\Sicherung\Sicherung\Musik-Video-Programme\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I H:\Daten-Sicherung\Sicherung\Sicherung\Programme_Ralf\RegistryBooster20104.6.3.0.rar Variante von Win32/RegistryBooster Anwendung (Säubern nicht möglich) 00000000000000000000000000000000 I ---------------------OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.11.2011 12:26:26 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,99% Memory free 6,18 Gb Paging File | 5,15 Gb Available in Paging File | 83,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,57 Gb Total Space | 75,11 Gb Free Space | 67,33% Space Free | Partition Type: NTFS Drive D: | 111,55 Gb Total Space | 11,18 Gb Free Space | 10,02% Space Free | Partition Type: NTFS Drive H: | 1396,92 Gb Total Space | 1065,33 Gb Free Space | 76,26% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll () MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\System32\igfxTMM.dll () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51071 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A849242-C05C-445C-A053-2758C3A5F338}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0b5aa3b0-12ae-11e1-96f8-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{0b5aa3b0-12ae-11e1-96f8-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0b5aa3d2-12ae-11e1-96f8-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{0b5aa3d2-12ae-11e1-96f8-000000000000}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.22 12:25:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.11.22 12:24:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2011.11.19 21:36:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss [2011.11.19 21:36:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2011.11.19 21:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.11.19 21:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2011.11.19 14:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2011.11.19 14:24:41 | 000,621,056 | R--- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2011.11.19 14:24:41 | 000,113,152 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2011.11.19 14:24:41 | 000,101,760 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2011.11.19 14:24:41 | 000,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2011.11.19 14:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner [2011.11.19 14:18:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_deu.exe [2011.11.18 11:20:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.11.18 11:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.18 11:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.18 11:19:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.18 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.17 14:28:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Seven Zip [2011.11.17 13:39:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.11.17 13:29:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2011.11.17 13:14:12 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2011.11.17 13:14:12 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2011.11.17 13:14:11 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2011.11.17 13:14:11 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.11.17 13:14:11 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2011.11.17 13:14:11 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2011.11.17 13:14:10 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2011.11.17 13:14:08 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.11.17 13:09:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.11.17 13:09:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011.11.17 13:09:30 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2011.11.17 13:07:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2011.11.17 13:06:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.11.17 13:05:51 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.11.17 13:05:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.11.17 13:05:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.11.17 13:05:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.11.17 13:05:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.11.17 13:05:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.11.17 13:05:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.11.17 13:05:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.11.17 13:05:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.11.17 13:05:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.11.17 13:05:44 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.11.17 13:05:44 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.11.17 13:05:44 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.11.17 13:05:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.11.17 13:05:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.11.17 12:47:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll [2011.11.17 12:47:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll [2011.11.17 12:47:24 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011.11.17 12:47:24 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011.11.17 12:47:23 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.11.17 12:47:20 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll [2011.11.17 12:47:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll [2011.11.17 12:47:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.11.17 12:47:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.11.17 12:46:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2011.11.17 12:46:48 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2011.11.17 12:46:44 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.11.17 12:46:44 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.11.17 12:46:44 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.11.17 12:46:44 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.11.17 12:46:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.11.17 12:46:44 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.11.17 12:46:44 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011.11.17 12:46:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.11.17 12:46:44 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.11.17 12:46:31 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.11.17 12:46:30 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2011.11.17 12:46:30 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll [2011.11.17 12:46:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe [2011.11.17 12:46:23 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.11.17 12:46:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.11.17 12:46:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll [2011.11.17 12:46:10 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2011.11.17 12:46:06 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2011.11.17 12:46:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.11.17 12:46:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.11.17 12:46:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2011.11.17 12:45:45 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011.11.17 12:45:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2011.11.17 12:45:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2011.11.17 12:45:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2011.11.17 12:45:43 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.11.17 12:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\LP [2011.11.17 12:17:29 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll [2011.11.17 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2011.11.17 12:16:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.11.17 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\E99D1 [2011.11.17 12:16:23 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2011.11.17 12:16:23 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2011.11.17 12:16:11 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2011.11.17 12:16:11 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2011.11.17 12:16:10 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2011.11.17 12:16:04 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2011.11.17 12:16:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2011.11.17 12:16:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\240E9 [2011.11.17 12:15:54 | 000,000,000 | RHSD | C] -- C:\Users\***\50-8270-5705-5150 [2011.11.17 11:28:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype [2011.11.17 11:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.17 11:28:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2011.11.17 11:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.11.17 11:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin [2011.11.17 11:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.17 11:18:45 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.11.17 11:18:45 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.11.17 11:18:45 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2011.11.17 11:18:45 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.11.17 11:18:45 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2011.11.17 11:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.17 11:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.11.15 09:36:08 | 002,777,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4r32.dll [2011.11.15 09:36:08 | 002,252,800 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys [2011.11.15 09:36:08 | 000,745,472 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw4c32.dll [2011.11.15 09:35:30 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll [2011.11.15 09:35:30 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll [2011.11.15 09:35:30 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll [2011.11.15 09:34:25 | 003,600,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.11.15 09:34:25 | 003,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.11.15 09:34:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll [2011.11.15 09:34:06 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll [2011.11.15 09:34:06 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2011.11.15 09:32:45 | 000,885,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll [2011.11.15 09:32:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2011.11.15 09:31:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.11.15 09:31:26 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.11.15 09:31:25 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.11.15 09:30:40 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.11.15 09:30:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.11.15 09:30:40 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.11.15 09:30:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011.11.15 09:30:18 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.11.15 09:30:18 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.11.15 09:28:49 | 002,032,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.11.15 09:28:33 | 000,000,000 | ---D | C] -- C:\Windows\Users [2011.11.15 09:28:27 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011.11.15 09:28:27 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011.11.15 09:28:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2011.11.15 09:28:26 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2011.11.15 09:28:26 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2011.11.15 09:28:26 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2011.11.15 09:28:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll [2011.11.15 09:28:26 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2011.11.15 09:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2011.11.15 09:26:55 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2011.11.15 09:26:47 | 000,207,368 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE [2011.11.15 09:26:40 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe [2011.11.15 09:26:21 | 000,176,128 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\UCI32M16.dll [2011.11.15 09:26:21 | 000,094,208 | ---- | C] (Conexant) -- C:\Windows\System32\mdmxsdk.dll [2011.11.15 09:26:21 | 000,008,192 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys [2011.11.15 09:26:18 | 003,293,184 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll [2011.11.15 09:26:18 | 002,555,904 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll [2011.11.15 09:26:18 | 002,392,064 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll [2011.11.15 09:26:18 | 001,589,248 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll [2011.11.15 09:26:18 | 000,526,872 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe [2011.11.15 09:26:18 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll [2011.11.15 09:26:18 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc [2011.11.15 09:26:18 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc [2011.11.15 09:26:18 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc [2011.11.15 09:26:18 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc [2011.11.15 09:26:18 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc [2011.11.15 09:26:18 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc [2011.11.15 09:26:18 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc [2011.11.15 09:26:18 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc [2011.11.15 09:26:18 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc [2011.11.15 09:26:18 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc [2011.11.15 09:26:18 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc [2011.11.15 09:26:18 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc [2011.11.15 09:26:18 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc [2011.11.15 09:26:18 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc [2011.11.15 09:26:18 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc [2011.11.15 09:26:18 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc [2011.11.15 09:26:18 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc [2011.11.15 09:26:18 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc [2011.11.15 09:26:18 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc [2011.11.15 09:26:18 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc [2011.11.15 09:26:18 | 000,170,520 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxzoom.exe [2011.11.15 09:26:18 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc [2011.11.15 09:26:18 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc [2011.11.15 09:26:18 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc [2011.11.15 09:26:18 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll [2011.11.15 09:26:18 | 000,131,072 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc [2011.11.15 09:26:18 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc [2011.11.15 09:26:18 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl [2011.11.15 09:26:18 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc [2011.11.15 09:26:18 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc [2011.11.15 09:26:18 | 000,102,400 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll [2011.11.15 09:26:18 | 000,069,632 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll [2011.11.15 09:26:18 | 000,047,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll [2011.11.15 09:26:18 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll [2011.11.15 09:26:13 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\RUNXMLPL.EXE [2011.11.15 09:26:12 | 000,000,000 | ---D | C] -- C:\Windows\Lan [2011.11.15 01:07:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2011.11.15 01:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011.11.15 01:06:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\acer eNM [2011.11.15 01:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2011.11.15 01:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Acer [2011.11.15 01:02:08 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys [2011.11.15 01:02:08 | 000,014,544 | ---- | C] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVicPort.sys [2011.11.15 01:02:08 | 000,013,096 | ---- | C] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport64.sys [2011.11.15 01:02:08 | 000,008,704 | ---- | C] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVicPort64.sys [2011.11.15 01:02:08 | 000,006,080 | ---- | C] (Zeal SoftStudio) -- C:\Windows\System32\drivers\zntport.sys [2011.11.15 01:01:22 | 000,368,640 | ---- | C] (Acer Inc.) -- C:\Windows\System32\CheckD2DSystem.exe [2011.11.15 01:01:22 | 000,327,680 | ---- | C] (Acer Inc.) -- C:\Windows\System32\Remove_eRecovery.exe [2011.11.15 01:01:22 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2011.11.15 00:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager [2011.11.15 00:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager [2011.11.15 00:59:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2011.11.15 00:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GridVista [2011.11.15 00:58:00 | 000,049,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxm9b0.rra [2011.11.15 00:58:00 | 000,029,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll [2011.11.15 00:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink [2011.11.15 00:56:15 | 000,262,144 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE [2011.11.15 00:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye [2011.11.15 00:55:57 | 000,000,000 | ---D | C] -- C:\Intel [2011.11.15 00:55:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.11.15 00:55:35 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.11.15 00:55:35 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2011.11.15 00:55:35 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.11.15 00:55:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield [2011.11.15 00:55:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2011.11.15 00:55:24 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2011.11.15 00:55:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2011.11.15 00:53:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2011.11.15 00:53:41 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2011.11.15 00:53:41 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2011.11.15 00:53:41 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2011.11.15 00:53:41 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2011.11.15 00:53:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2011.11.15 00:53:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2011.11.15 00:53:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.11.15 00:49:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.11.15 00:49:28 | 000,000,000 | -HSD | C] -- C:\Programme [2011.11.15 00:49:28 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2011.11.15 00:49:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.11.15 00:49:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.11.15 00:49:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.11.15 00:49:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.11.15 00:49:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.11.15 00:49:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.11.15 00:49:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.11.15 00:49:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.11.15 00:44:34 | 000,399,896 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\igxpun.exe [2011.11.15 00:44:34 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll [2011.11.15 00:44:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang [2011.11.15 00:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT [2011.11.15 00:42:24 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution ========== Files - Modified Within 30 Days ========== [2011.11.22 12:23:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 12:23:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.22 12:23:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.22 12:23:39 | 3211,169,792 | -HS- | M] () -- C:\hiberfil.sys [2011.11.22 12:12:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.11.19 21:37:52 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.19 21:37:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.19 21:37:52 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.19 21:37:52 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.19 21:35:50 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.19 21:33:46 | 000,013,824 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.19 14:25:05 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2011.11.19 14:16:16 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_deu.exe [2011.11.18 11:26:14 | 009,355,976 | ---- | M] () -- C:\Users\***\Desktop\Visitenkarte_Raster_2[1].tif [2011.11.18 11:19:38 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.17 13:47:31 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.11.17 13:42:37 | 000,371,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.17 12:18:05 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\At1.job [2011.11.17 11:38:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.11.17 11:14:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.11.15 09:35:30 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll [2011.11.15 09:35:30 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll [2011.11.15 09:35:30 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll [2011.11.15 09:34:25 | 003,600,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.11.15 09:34:25 | 003,549,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.11.15 09:34:25 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll [2011.11.15 09:34:06 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll [2011.11.15 09:34:06 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe [2011.11.15 09:32:45 | 000,885,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll [2011.11.15 09:32:44 | 000,009,127 | ---- | M] () -- C:\Windows\System32\RacUR.xml [2011.11.15 09:32:44 | 000,000,153 | ---- | M] () -- C:\Windows\System32\RacUREx.xml [2011.11.15 09:32:07 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys [2011.11.15 09:31:27 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.11.15 09:31:26 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.11.15 09:31:25 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.11.15 09:30:40 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.11.15 09:30:40 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.11.15 09:30:40 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2011.11.15 09:30:18 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.11.15 09:30:18 | 001,695,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.11.15 09:28:49 | 002,032,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.11.15 09:28:27 | 000,988,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011.11.15 09:28:27 | 000,927,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011.11.15 09:28:27 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll [2011.11.15 09:28:26 | 000,615,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2011.11.15 09:28:26 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2011.11.15 09:28:26 | 000,318,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe [2011.11.15 09:28:26 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll [2011.11.15 09:28:26 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll [2011.11.15 09:28:26 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe [2011.11.15 01:07:31 | 000,000,201 | ---- | M] () -- C:\Windows\USER.XML [2011.11.15 01:03:34 | 000,000,202 | ---- | M] () -- C:\Windows\Factory.xml [2011.11.15 00:59:47 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI [2011.11.15 00:58:57 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI [2011.11.15 00:54:06 | 000,016,078 | ---- | M] () -- C:\Windows\System32\results.xml [2011.11.15 00:47:31 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf ========== Files Created - No Company Name ========== [2011.11.19 21:35:50 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.11.19 14:25:05 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2011.11.18 11:27:52 | 009,355,976 | ---- | C] () -- C:\Users\***\Desktop\Visitenkarte_Raster_2[1].tif [2011.11.18 11:19:38 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.17 13:47:31 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2011.11.17 13:05:45 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.11.17 13:05:45 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.11.17 13:05:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.11.17 12:17:49 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\At1.job [2011.11.17 11:38:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf [2011.11.17 11:21:36 | 000,000,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk [2011.11.17 11:14:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.11.15 09:36:10 | 000,001,440 | ---- | C] () -- C:\Patch2.rev [2011.11.15 09:32:44 | 000,009,127 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2011.11.15 09:32:44 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2011.11.15 09:26:56 | 000,005,018 | -HS- | C] () -- C:\Patch.rev [2011.11.15 09:26:21 | 000,144,201 | ---- | C] () -- C:\Windows\System32\drivers\HSFProf.cty [2011.11.15 09:26:18 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2011.11.15 09:26:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2011.11.15 09:26:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll [2011.11.15 09:26:18 | 000,025,968 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp [2011.11.15 09:26:18 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp [2011.11.15 09:26:18 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp [2011.11.15 09:26:13 | 000,000,201 | ---- | C] () -- C:\Windows\USER.XML [2011.11.15 01:11:39 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.15 01:02:08 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2011.11.15 01:01:22 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2011.11.15 01:01:22 | 000,000,552 | ---- | C] () -- C:\Windows\System32\setup.iss [2011.11.15 01:00:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2011.11.15 00:59:47 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI [2011.11.15 00:58:57 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI [2011.11.15 00:58:00 | 000,000,631 | ---- | C] () -- C:\Windows\PDVD.iss [2011.11.15 00:58:00 | 000,000,631 | ---- | C] () -- C:\PDVD.iss [2011.11.15 00:56:15 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2011.11.15 00:56:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.11.15 00:56:15 | 000,004,838 | ---- | C] () -- C:\Windows\Suyin.reg [2011.11.15 00:56:15 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2011.11.15 00:55:37 | 000,000,953 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.11.15 00:55:34 | 000,000,948 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011.11.15 00:55:23 | 000,000,919 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2011.11.15 00:54:06 | 000,016,078 | ---- | C] () -- C:\Windows\System32\results.xml [2011.11.15 00:46:23 | 3211,169,792 | -HS- | C] () -- C:\hiberfil.sys [2011.11.15 00:44:34 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNBR.bmp [2011.11.15 00:44:34 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp [2008.03.28 09:16:44 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.28 04:37:20 | 000,618,430 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.03.28 04:37:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.03.28 04:37:20 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.03.28 04:37:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.03.28 04:27:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.03.28 04:26:55 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.03.28 04:26:55 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.03.28 04:26:54 | 000,000,040 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.03.27 19:57:46 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.03.27 19:57:46 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,371,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011.11.18 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\240E9 [2011.11.18 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\E99D1 [2011.11.17 12:18:05 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011.11.19 22:39:47 | 000,013,358 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
23.11.2011, 16:28 | #3 |
| Nur noch Verknüpfungen auf USB-Stick/CF-Karten OTL Extras logfile created on: 22.11.2011 12:26:28 - Run 1
__________________OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,99% Memory free 6,18 Gb Paging File | 5,15 Gb Available in Paging File | 83,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,57 Gb Total Space | 75,11 Gb Free Space | 67,33% Space Free | Partition Type: NTFS Drive D: | 111,55 Gb Total Space | 11,18 Gb Free Space | 10,02% Space Free | Partition Type: NTFS Drive H: | 1396,92 Gb Total Space | 1065,33 Gb Free Space | 76,26% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2C1F744A-D067-49F6-81D2-3647AFFC18FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5B6D6A71-A9B9-450B-9DC7-7C6E7B2D7B75}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "GridVista" = Acer GridVista "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers. "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mobile Partner" = Mobile Partner "Pidgin" = Pidgin "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.1 ========== Last 10 Event Log Errors ==========% Geändert von Fiz (23.11.2011 um 16:34 Uhr) |
Themen zu Nur noch Verknüpfungen auf USB-Stick/CF-Karten |
anti-malware, daten retten, downloader, eset, explorer, falsch, fehler, folge, foren, formatierung, forum, gen, internet, laptop, malwarebytes, neu, nicht mehr, onlinescan, rechner, scan, version, virus, vista, windows, windows vista, öffnen |