| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: virus banker gen2 eset online scanWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.12.2011, 11:44
| #1 |
 |  virus banker gen2 eset online scan Hallo. Virenproblem mit dem Banker Gen2. Habe wie im Board beschrieben Eset online Search durchgeführt. Hier das Ergebniss: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b869335c32c821449ec80bf0a3816f0f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-02 10:22:38 # local_time=2011-12-02 11:22:38 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 5407 59343245 3979 0 # compatibility_mode=5892 16776574 100 100 5384 160344110 0 0 # compatibility_mode=8192 67108863 100 0 4548 4548 0 0 # scanned=176110 # found=3 # cleaned=0 # scan_time=9976 C:\Users\Computer\AppData\Roaming\virus.dll a variant of Win32/Spy.Banker.WYC trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Computer\Downloads\SoftonicDownloader_fuer_divx-plus.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\Computer\Downloads\SoftonicDownloader_fuer_vista-codec-package.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I Rechner Acer Aspire 8920g Vista Home Grüße, Future |
|
02.12.2011, 11:49
| #2 |
| /// Malware-holic   | virus banker gen2 eset online scan hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
02.12.2011, 12:43
| #3 |
| | virus banker gen2 eset online scan OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 02.12.2011 12:12:33 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Computer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,34% Memory free
7,59 Gb Paging File | 6,66 Gb Available in Paging File | 87,81% Paging File free
Paging file location(s): c:\pagefile.sys 4800 7500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 21,57 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 7,39 Gb Total Space | 7,02 Gb Free Space | 94,92% Space Free | Partition Type: FAT32
Computer Name: ACERASPIRE | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A132B17-AF00-40CB-BF39-9E9E0B7E65CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AC80822-0307-4FBF-B423-2E27DA320155}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{2D130FB9-7CD7-45B3-BF79-D834F2146846}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{2F497C6D-9330-4DF6-A71F-869BC3712633}" = lport=1701 | protocol=17 | dir=in | app=system |
"{341B1B61-22FD-43E7-9173-ECFF8193EFA1}" = rport=1723 | protocol=6 | dir=out | app=system |
"{345AE3FC-AC53-4FCA-B88E-D72ECB919368}" = rport=1701 | protocol=17 | dir=out | app=system |
"{36F96840-BC21-4097-A20D-7955F0711ECA}" = lport=1723 | protocol=6 | dir=in | app=system |
"{40A7A7D9-0BFD-4200-B3F5-5ECECD2E503A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{42F3A429-4A33-439C-88DF-E3441504B9C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4534B612-EAF9-4114-A836-EF45BF311716}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{50C1D2B1-A07B-44A8-9AE9-77DBB3924AEB}" = lport=445 | protocol=6 | dir=in | app=system |
"{51AEA843-D0DE-49E6-87F0-F7F13326A484}" = lport=445 | protocol=6 | dir=in | app=system |
"{52C6E056-E166-434E-888A-9B7EF0E93052}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53F5B8AB-A259-467F-AB48-5A04B1262A4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{5E397511-1F69-477F-8A85-C6B9836A9A67}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{624FC77F-58B6-4E99-92EB-58D8517A256D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{66597EB9-B964-448C-914B-9AEDA9C2880F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A8BA896-00EE-455D-B4AA-5A152A35F022}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6C846FBC-1E35-436E-8DA5-C950332B5EC9}" = lport=445 | protocol=6 | dir=in | app=system |
"{70455104-C8AA-46A4-A09D-FE407DEC609B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8A28259B-5171-47C4-BB5C-C617CAA6D1F5}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{8A28ECDB-3F08-430F-B3E2-54DB8B90DB82}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{A972D3AF-FC9E-43A6-8749-0FC7B750CD9B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9F0FFE7-BB30-4B0C-8A5E-1EA9ACC03855}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{AC45E2D6-5DFA-4916-BB01-EE2F3A429C04}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{BF0A5E09-2482-4EBA-AD6C-AE447E8947C8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C687AFF5-9D3E-41B6-A60F-4465708E62C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E7D7DAC6-04F8-4F75-AB7A-3ED9040F0AFF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BD6FA0-6986-47D6-8496-50DDDD8E49C1}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{01D9A7ED-12C8-41C5-B8BA-DEAE7E6F8482}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{090AB081-3AD3-47F7-AA73-8C9467BDFB77}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{2662F3A3-6A36-4F42-8D9A-49867FFD9522}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe |
"{2B036B52-512B-41AE-B259-84994FA6DBB8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{307080F8-F267-4242-8BFE-A7C0726C9CCC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{49E7C65E-6B52-4F1A-ABF4-BCE027275ECF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{4C725360-6738-4C8D-B9D9-900D8D3BB5D3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{6AC2BE6D-C85E-41F7-A8B3-3E27EAFA2E35}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6C665561-DDA9-4E98-9532-AF13115E1702}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe |
"{6CAACFB8-40B9-453E-94D3-9517AAC6FEA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DD45B2F-2831-4175-BCFF-C1034A651170}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{80A90816-7FB6-449E-BA3B-A6F99A919EDA}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{8178C27D-6245-4102-9B82-FF665F0C9F47}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{85D75BC6-C4E4-406F-A713-0F22E1DD6D01}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{8D8EDE60-F036-4B3D-93D1-67C2B43B9F2A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8F2B5455-7A9F-4D04-BE42-6A1090FB0FCC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{9B25DF26-A70E-469E-9089-9DFC9FFE9649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9537E2A-E978-47FD-874D-755A909FB2E4}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{AC4B8717-3543-47A7-9413-7331401A6AA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B81664A4-DF0E-47D6-8B25-DE83D49F7E10}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{CD3B8290-C059-4457-96B6-530BA7037345}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{D26AB9D1-DA7D-4DFE-B9E2-7C0458AEEFE8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D6E1ED9D-9E98-4B4B-8485-437787B7170D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D7A67C3E-EED0-4DDA-92A1-03D614A24814}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7302875-2C29-446C-B956-62E78558CC7C}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F2EFC2ED-2326-48AB-8F9E-011684A9B914}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6A25383-B327-459D-9494-B6C63FB62082}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F9C417A6-B640-4A4B-AC80-6DE44077BEE2}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"TCP Query User{194450B1-782D-405A-8178-8331C70E4CE9}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{6B4795D5-037E-4336-9D7D-A07984478543}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6C1E483B-2516-4244-987C-D3A50B4D2F88}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7D80725A-7FD2-4CBA-AF28-E6EC68ED9687}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{E426949C-7FDF-4A04-BE3E-05107B3A0B27}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{2F68A37E-5915-430A-8449-6A1729D4588F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{352614D9-47B0-4E34-BBDF-0B4F8D81CD44}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{3C7637C6-70C0-486C-8D7B-A1525F033A36}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C934A9CF-EB8F-4B5D-97C6-F95C72BB0775}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CCE17C32-7F6B-47AF-B9B8-5FA6D63AB808}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing
"{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian
"{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian
"{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian
"{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek
"{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish
"{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German
"{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese
"{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek
"{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.5
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean
"{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish
"{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean
"{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard
"{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation
"{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian
"{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins
"{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish
"{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager
"{D1BA1F1C-D88B-405D-953F-D7074B65453D}" = DTV
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish
"{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch
"{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = ArcSoft TotalMedia 3
"Acer Acer Bio Protection 6.0.00.13" = Acer Bio Protection
AAV 6.0.00.13
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVerMedia A309 (MiniCard, DVB-T)" = AVerMedia A309 (MiniCard, DVB-T) 1.0.0.40
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"E-PlusGruppeOnlineConnect" = E-PlusGruppeOnlineConnect
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLV Player" = FLV Player 2.0 (build 25)
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.0.3.324
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JonDoUninstall" = JonDo
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.13)" = Mozilla Thunderbird (3.1.13)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.0
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"Veoh Web Player Beta" = Veoh Web Player
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.5
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 30.11.2011 05:58:43 | Computer Name = AcerAspire | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
001F3B18960B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 30.11.2011 18:47:30 | Computer Name = AcerAspire | Source = DCOM | ID = 10010
Description =
Error - 30.11.2011 19:32:07 | Computer Name = AcerAspire | Source = Service Control Manager | ID = 7009
Description =
Error - 30.11.2011 19:32:07 | Computer Name = AcerAspire | Source = Service Control Manager | ID = 7000
Description =
Error - 30.11.2011 19:37:16 | Computer Name = AcerAspire | Source = Service Control Manager | ID = 7022
Description =
Error - 30.11.2011 21:07:30 | Computer Name = AcerAspire | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.6 für die Netzwerkkarte mit der Netzwerkadresse
001F3B18960B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 01.12.2011 02:21:32 | Computer Name = AcerAspire | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
001F3B18960B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 02.12.2011 03:07:28 | Computer Name = AcerAspire | Source = Service Control Manager | ID = 7009
Description =
Error - 02.12.2011 03:07:28 | Computer Name = AcerAspire | Source = Service Control Manager | ID = 7000
Description =
Error - 02.12.2011 03:12:42 | Computer Name = AcerAspire | Source = Service Control Manager | ID = 7022
Description =
< End of report >
|
|
02.12.2011, 12:47
| #4 |
| | virus banker gen2 eset online scan OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.12.2011 12:12:33 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Computer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,34% Memory free 7,59 Gb Paging File | 6,66 Gb Available in Paging File | 87,81% Paging File free Paging file location(s): c:\pagefile.sys 4800 7500 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 21,57 Gb Free Space | 7,24% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive E: | 7,39 Gb Total Space | 7,02 Gb Free Space | 94,92% Space Free | Partition Type: FAT32 Computer Name: ACERASPIRE | User Name: Computer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Computer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Verbindungsassistent\WTGService.exe () PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3050.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3050.37221__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3050.37274__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3050.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3050.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3050.37446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3050.37411__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3050.37370__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3050.37475__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3050.37482__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3050.37425__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3050.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3050.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3050.37293__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3050.37281__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3050.37372__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3050.37365__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3050.37405__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3050.37371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3050.37377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3050.37404__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3050.37467__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3050.37466__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3050.37493__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3050.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3050.37248__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3050.37214__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3050.37215__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3050.37213__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3050.37213__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3050.37467__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Windows\System32\btwhidcs.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe () SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech ) DRV - (massfilter_hs) -- C:\Windows\System32\drivers\massfilter_hs.sys (ZTE Incorporated) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=1" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..keyword.URL: ".de" FF - prefs.js..keyword.enabled: false FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.15 08:43:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.27 21:07:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.13\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.13\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.06.17 17:37:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Computer\AppData\Roaming\5052 [2011.12.01 14:02:32 | 000,000,000 | ---D | M] [2010.09.05 10:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions [2010.09.05 10:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.23 19:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions [2011.06.23 19:17:47 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2011.06.23 19:17:46 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008} [2011.06.23 19:17:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.06.23 19:17:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.06.23 19:17:50 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2011.06.23 19:17:50 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach [2011.10.25 09:11:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\u3aui6vu.default\extensions [2010.08.20 07:08:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\u3aui6vu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.15 08:45:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\u3aui6vu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.09.27 21:21:04 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\u3aui6vu.default\extensions\firefox@tvunetworks.com [2011.04.15 08:45:04 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\u3aui6vu.default\extensions\foxyproxy@eric.h.jung [2010.12.27 17:04:20 | 000,001,617 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\u3aui6vu.default\searchplugins\ixquick-https---deutsch.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\u3aui6vu.default\searchplugins\startsear.xml [2011.06.23 19:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.03 12:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.06.23 19:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.06.23 19:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.12.01 14:02:32 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\COMPUTER\APPDATA\ROAMING\5052 () (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U3AUI6VU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\COMPUTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U3AUI6VU.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.06.23 19:37:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Computer\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Computer\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Computer\AppData\Local\Google\Chrome\Application\10.0.648.204\gears.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.174 80.69.100.182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{546D862A-BADB-4685-8C8A-B4B7127CE71F}: DhcpNameServer = 80.69.100.174 80.69.100.182 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB26396C-0138-4BB2-A64B-C7DD8EB7CE88}: DhcpNameServer = 80.69.100.174 80.69.100.182 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Users\Computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Computer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1d3c2fd0-28bd-11e0-982c-00a0d1a89246}\Shell - "" = AutoRun O33 - MountPoints2\{1d3c2fd0-28bd-11e0-982c-00a0d1a89246}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1d3c2fd1-28bd-11e0-982c-00a0d1a89246}\Shell - "" = AutoRun O33 - MountPoints2\{1d3c2fd1-28bd-11e0-982c-00a0d1a89246}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{40e6293b-a6f5-11df-90d1-00a0d1a89246}\Shell - "" = AutoRun O33 - MountPoints2\{40e6293b-a6f5-11df-90d1-00a0d1a89246}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1 O33 - MountPoints2\{51188bf7-943f-11e0-b28d-001fe2f077a9}\Shell - "" = AutoRun O33 - MountPoints2\{51188bf7-943f-11e0-b28d-001fe2f077a9}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O33 - MountPoints2\{d3da64f9-be53-11df-a3e1-00a0d1a89246}\Shell - "" = AutoRun O33 - MountPoints2\{d3da64f9-be53-11df-a3e1-00a0d1a89246}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{d3da6514-be53-11df-a3e1-00a0d1a89246}\Shell - "" = AutoRun O33 - MountPoints2\{d3da6514-be53-11df-a3e1-00a0d1a89246}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk - C:\Programme\MSI\ArcSoft\TotalMedia\TMMonitor.exe - (ArcSoft, Inc.) MsConfig - StartUpFolder: C:^Users^Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: DTVRemote - hkey= - key= - C:\Program Files\DTV\RemoteControl.exe () MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= - File not found MsConfig - StartUpReg: Google Update - hkey= - key= - File not found MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: NHTLLKIE - hkey= - key= - File not found MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\phonostar-Player\phonostarTimer.exe () MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: UIExec - hkey= - key= - File not found MsConfig - StartUpReg: Userinit - hkey= - key= - File not found MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: ZPdtWzdVitaKey MC3000 - hkey= - key= - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.02 11:58:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe [2011.12.02 08:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.01 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\5052 [2011.11.29 23:03:27 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Neuer Ordner [2011.11.28 18:21:03 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\5051 [2011.11.25 23:30:12 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\5050 [2011.11.19 14:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.19 14:42:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.02.04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll [2 C:\Users\Computer\AppData\Roaming\*.tmp files -> C:\Users\Computer\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.02 12:17:40 | 003,407,872 | -HS- | M] () -- C:\Users\Computer\ntuser.dat [2011.12.02 12:06:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 12:06:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.02 11:58:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Desktop\OTL.exe [2011.12.02 11:36:16 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.02 08:13:44 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.02 08:13:43 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.02 08:13:43 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.02 08:13:42 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011.12.02 08:13:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.02 08:06:40 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.02 08:06:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.12.02 08:06:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.02 08:06:17 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.12.02 08:05:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.02 08:05:18 | 000,524,288 | -HS- | M] () -- C:\Users\Computer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011.12.02 08:05:18 | 000,065,536 | -HS- | M] () -- C:\Users\Computer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.12.02 08:05:17 | 003,949,374 | -H-- | M] () -- C:\Users\Computer\AppData\Local\IconCache.db [2011.12.02 07:29:52 | 000,001,906 | ---- | M] () -- C:\Users\Computer\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.02 07:29:52 | 000,001,835 | ---- | M] () -- C:\Users\Computer\Desktop\Avira DE-Cleaner.lnk [2011.12.01 22:29:33 | 000,000,072 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\blckdom.res [2011.12.01 20:24:00 | 000,225,792 | ---- | M] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.09 17:29:23 | 000,015,755 | ---- | M] () -- C:\Users\Computer\Documents\lebenslauf.odt_0.odt [2011.11.09 12:01:29 | 000,018,643 | ---- | M] () -- C:\Users\Computer\Documents\untitled_1.odt [2011.11.03 10:19:29 | 000,000,897 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2 C:\Users\Computer\AppData\Roaming\*.tmp files -> C:\Users\Computer\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.02 07:29:52 | 000,001,906 | ---- | C] () -- C:\Users\Computer\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.02 07:29:52 | 000,001,835 | ---- | C] () -- C:\Users\Computer\Desktop\Avira DE-Cleaner.lnk [2011.12.01 11:10:44 | 000,326,608 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\virus.dll [2011.11.10 16:13:12 | 000,018,643 | ---- | C] () -- C:\Users\Computer\Documents\untitled_1.odt [2011.11.10 16:13:12 | 000,015,755 | ---- | C] () -- C:\Users\Computer\Documents\lebenslauf.odt_0.odt [2011.10.23 00:10:22 | 000,000,072 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\blckdom.res [2011.09.29 05:54:21 | 000,000,031 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\urhtps.dat [2011.06.30 18:56:29 | 000,000,000 | ---- | C] () -- C:\Users\Computer\AppData\Local\{104B72C3-9ED6-478F-9436-EBF00293B7B2} [2011.03.08 17:44:14 | 000,000,897 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.03.08 17:44:14 | 000,000,163 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.03.08 17:44:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2011.03.08 17:41:14 | 000,000,467 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.03.08 17:41:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.03.08 17:31:28 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.03.08 17:31:27 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.03.08 17:31:25 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.03.08 17:27:31 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2011.03.08 16:56:15 | 000,192,512 | RHS- | C] () -- C:\Users\Computer\AppData\Roaming\NTDOS411N.dll [2011.01.20 00:45:51 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.01.19 20:12:50 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2011.01.05 01:42:22 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2011.01.05 01:42:22 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010.12.19 16:04:48 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2010.10.08 18:00:22 | 003,949,374 | -H-- | C] () -- C:\Users\Computer\AppData\Local\IconCache.db [2010.09.07 20:31:07 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.09.05 11:37:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.09.05 09:36:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.09.02 00:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.08.22 15:23:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.20 21:41:35 | 000,225,792 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.20 01:38:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.20 01:38:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.08.20 01:37:43 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2010.08.19 15:30:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.08.19 14:53:42 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.08.19 14:53:42 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2010.08.19 14:53:41 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2010.08.19 14:48:54 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2010.08.19 14:44:10 | 000,078,488 | ---- | C] () -- C:\Users\Computer\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.14 02:14:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.08.13 18:45:33 | 000,000,680 | ---- | C] () -- C:\Users\Computer\AppData\Local\d3d9caps.dat [2010.06.23 12:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.06.23 12:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.05.16 06:50:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.05.16 06:50:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.05.16 06:50:44 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.05.16 06:50:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.03.28 20:22:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.03.28 20:22:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.03.28 19:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.03.28 19:25:31 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.03.28 19:21:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.03.28 19:19:46 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.03.28 11:58:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.01.21 08:16:22 | 001,445,310 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.01.21 03:24:38 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007.04.24 17:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,322,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 11:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006.11.02 08:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006.11.02 08:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006.11.02 08:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006.11.02 08:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006.11.02 08:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006.11.02 08:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006.11.02 08:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006.11.02 08:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006.11.02 08:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006.11.02 08:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006.11.02 08:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006.11.02 08:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006.11.02 08:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006.11.02 08:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006.11.02 08:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006.11.02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011.11.25 23:30:12 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\5050 [2011.11.28 18:21:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\5051 [2011.12.01 14:02:32 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\5052 [2010.08.19 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Acer [2008.03.28 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Acer GameZone Console [2010.12.17 02:32:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\BitTorrent [2011.04.03 15:18:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Canneverbe Limited [2011.04.04 10:51:43 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoft [2011.07.09 19:05:08 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\E-PlusGruppeOnlineConnect [2010.09.05 09:31:52 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\eSobi [2011.06.23 20:53:17 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\JonDo [2011.09.27 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kock [2011.06.15 12:02:53 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\LG Electronics [2011.01.13 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org [2011.09.27 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\PC-FAX TX [2010.09.10 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\phonostar GmbH [2011.04.18 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ScanSoft [2011.07.09 17:46:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Telefónica [2010.09.05 10:15:03 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird [2011.09.28 16:27:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\UAs [2010.08.19 14:48:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Validity [2011.07.09 17:31:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Verbindungsassistent [2010.12.03 12:18:53 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\VistaCodecs [2011.11.29 12:08:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\xmldm [2011.12.02 08:05:26 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.08.19 14:45:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.08.19 15:49:14 | 000,000,000 | ---D | M] -- C:\ACER [2008.03.28 20:23:59 | 000,000,000 | ---D | M] -- C:\book [2010.10.13 19:06:36 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.21 23:38:22 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.08.19 14:40:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.03.28 19:12:56 | 000,000,000 | ---D | M] -- C:\Intel [2011.02.18 14:32:29 | 000,000,000 | ---D | M] -- C:\LXKZ53 [2008.03.28 19:45:25 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.02 08:20:34 | 000,000,000 | R--D | M] -- C:\Program Files [2011.09.27 21:21:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.08.19 14:40:28 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.15 12:06:48 | 000,000,000 | ---D | M] -- C:\Sounds [2011.12.02 12:15:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.08.19 14:43:56 | 000,000,000 | R--D | M] -- C:\Users [2011.12.02 07:43:36 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 21:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.05.08 15:14:38 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll [2011.04.15 10:03:59 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll < %USERPROFILE%\*.* > [2011.12.02 12:17:40 | 003,407,872 | -HS- | M] () -- C:\Users\Computer\ntuser.dat [2011.12.02 12:17:39 | 000,262,144 | -H-- | M] () -- C:\Users\Computer\ntuser.dat.LOG1 [2010.08.19 14:43:57 | 000,000,000 | -H-- | M] () -- C:\Users\Computer\ntuser.dat.LOG2 [2011.12.02 08:05:18 | 000,065,536 | -HS- | M] () -- C:\Users\Computer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.12.02 08:05:18 | 000,524,288 | -HS- | M] () -- C:\Users\Computer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.19 15:44:01 | 000,524,288 | -HS- | M] () -- C:\Users\Computer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2010.08.19 14:43:59 | 000,000,020 | -HS- | M] () -- C:\Users\Computer\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
02.12.2011, 13:17
| #5 |
| /// Malware-holic | virus banker gen2 eset online scan hi achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2011.12.01 14:02:30 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\5052
[2011.11.28 18:21:03 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\5051
[2011.11.25 23:30:12 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\5050
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.12.2011, 13:29
| #6 |
| | virus banker gen2 eset online scan All processes killed ========== OTL ========== C:\Users\Computer\AppData\Roaming\5052\components folder moved successfully. C:\Users\Computer\AppData\Roaming\5052 folder moved successfully. C:\Users\Computer\AppData\Roaming\5051\components folder moved successfully. C:\Users\Computer\AppData\Roaming\5051 folder moved successfully. C:\Users\Computer\AppData\Roaming\5050\components folder moved successfully. C:\Users\Computer\AppData\Roaming\5050 folder moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Computer ->Flash cache emptied: 6569 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Computer ->Temp folder emptied: 137621007 bytes ->Temporary Internet Files folder emptied: 20213555 bytes ->Java cache emptied: 943384 bytes ->FireFox cache emptied: 72663058 bytes ->Google Chrome cache emptied: 11400407 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 45087997 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 275,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12022011_131940 Files\Folders moved on Reboot... Registry entries deleted on Reboot... "öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch" die letzte anweisung begreife ich nicht wirklich leider. danke für den support. |
|
02.12.2011, 13:35
| #7 |
| /// Malware-holic | virus banker gen2 eset online scan du sollst nen doppelklick auf computer machen, auf c: auf _OTL dann nen rechtsklick auf moved files, dann mit winrar zip oder 7zip ein archiv erstellen und das wie in der verlinkten anleitung beschrieben hochladen was daran ist unklar?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.12.2011, 13:53
| #8 |
| | virus banker gen2 eset online scan danke. rechtsklick kommt nix mit zip oder so. oder archivupload channel begreife ich leider auch nicht. ist das system denn noch nicht clean? sorry aber ich beschäftige mich sonst nicht mit diesen dingen. |
|
02.12.2011, 14:02
| #9 |
| /// Malware-holic | virus banker gen2 eset online scan nein ist es nicht. lade mal winrar: http://www.chip.de/downloads/WinRAR-..._12994655.html dann pc neustarten. dann öffne computer, c: _OTL rechtsklick auf den ordner moved files und zu moved files.rar hinzufügen dann liest du diesen artikel: http://www.trojaner-board.de/54791-a...ner-board.html und lädst das archiv dann hoch, es befindet sich im ordner _OTL
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.12.2011, 14:05
| #10 |
| | virus banker gen2 eset online scan datei wurde hoch geladen. |
|
02.12.2011, 14:10
| #11 |
| /// Malware-holic | virus banker gen2 eset online scan danke nutzt du das system für onlinebanking, sonstige zahlungsabwicklungen, einkäufe oder sonst was wichtiges, wie zb berufliches?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.12.2011, 15:48
| #12 |
| | virus banker gen2 eset online scan ja, das tue ich. |
|
02.12.2011, 15:53
| #13 |
| /// Malware-holic | virus banker gen2 eset online scan hi, lasse umgehend dein onlinebanking sperren. falls deine bank nicht mehr erreichbar ist, notfall nummer: 116 116 der banker trojan den du auf dem pc hast ist auf deutsche banken spezialisiert. man kann nie sicher sagen, ob wir dieses system bereinigt bekommen, dies ist aber logischerweise nötig, wenn du nicht eines tages mit leerem konto da stehen willst, oder das jemand auf deinen namen waren bestellt hatt. deswegen musst du deine wichtigen daten sichern: Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de autorun deaktivieren, dann extern bilder dokumente musik vidios (persönliches) sichern. dann muss das system formatiert und windows neu aufgespielt werden, dazu bekommst du ne anleitung falls nötig. dann zeige ich dir wie du das system richtig absicherst. dann musst du alle deine passwörter endern. zum sicheren onlinebanking werd ich dann auch noch was sagen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.12.2011, 15:56
| #14 |
| | virus banker gen2 eset online scan danke. dazu muss ich mir erst ne festplatte extern kaufen. und wie ist es nun mit dem system? ist es clean? geht es noch weiter? danke und grüße aus dortmund süd. |
|
02.12.2011, 15:59
| #15 |
| /// Malware-holic | virus banker gen2 eset online scan das system wird nicht mehr als clean anzusehen sein, egal wie viele scans wir laufen lassen. du kannst es nutzen bis du die externe platte hast, solange du nichts machst wo du ein passwort eingeben musst. aber es muss formatiert werden damit du wieder online banking betreiben kannst
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu virus banker gen2 eset online scan |
| acer, acer aspire, appdata, banker, board, computer, downloader, downloads, escan, eset, found, gen, installer, log, online, onlinescan, problem, roaming, scan, search, service, trojan, variant, version, virus, virus banker gen2 eset, win, win32/softonicdownloader.a, win32/spy.banker.wyc |
Linear-Darstellung
