| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: 50-€ Virus infiziertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.02.2012, 04:40
| #1 | |
 |  50-€ Virus infiziert Hallo, bin ebenfalls von dem Virus "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert". Ein schwarzer Bildschirm und ich muss 50€ zahlen um den Virus loszuwerden  Hab schonmal Malwarebytes und OTL wie HIER(http://www.trojaner-board.de/109693-...blockiert.html) durchgeführt: hier die Logs: Malwarebytes: Zitat:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.02.2012 04:37:49 - Run 1 OTL by OldTimer - Version 3.2.33.0 Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free 2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32 Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32 Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.19 04:35:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\OTL.exe PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe ========== Modules (No Company Name) ========== MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll MOD - [2006.08.15 21:10:00 | 001,403,904 | ---- | M] () -- C:\WINDOWS\system32\UIVCL.dll MOD - [2006.08.09 17:40:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\APISlice.dll MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ) SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) ========== Driver Services (SafeList) ========== DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver) DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver) DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport) DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport) DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15) DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) [2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions [2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com [2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml [2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB} [2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml [2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml [2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml ========== Chrome ========== O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found. O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found. O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found. O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( ) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.) O4 - HKCU..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "AntiVirService" MsConfig - Services: "AntiVirSchedulerService" MsConfig - StartUpReg: 557839895 - hkey= - key= - File not found MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe () MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found MsConfig - StartUpReg: portwexexe.exe - hkey= - key= - File not found MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent [2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi [2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies [2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner [2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe [2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe [2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe [2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe [2012.01.20 13:28:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Meine empfangenen Dateien ========== Files - Modified Within 30 Days ========== [2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job [2012.02.19 04:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.19 04:20:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.02.19 04:19:56 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb [2012.02.19 04:19:52 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb [2012.02.19 04:18:10 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml [2012.02.19 04:18:08 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.02.19 04:17:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job [2012.02.19 04:17:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.02.19 04:17:16 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys [2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg [2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt [2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt# [2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt [2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt [2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt [2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt [2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf [2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf [2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe [2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp [2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp [2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp [2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg [2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp [2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG [2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt [2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe [2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe [2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt [2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt ========== Files Created - No Company Name ========== [2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt [2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt [2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt [2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm [2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm [2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm [2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm [2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg [2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt# [2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt [2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm [2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm [2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf [2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf [2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp [2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp [2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp [2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg [2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp [2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG [2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt [2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt [2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm [2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm [2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt [2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm [2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm [2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt [2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd [2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox [2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg [2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate [2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera [2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker [2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer [2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free [2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator [2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate [2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys [2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ [2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko [2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx [2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org [2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software [2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks [2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient [2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job [2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job [2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2004.09.13 12:09:24 | 000,000,000 | ---D | M] -- C:\I386 [2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOCS [2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOTNETFX [2004.09.13 12:13:22 | 000,000,000 | ---D | M] -- C:\SUPPORT [2004.09.13 12:13:26 | 000,000,000 | ---D | M] -- C:\VALUEADD [2004.09.13 12:14:16 | 000,000,000 | ---D | M] -- C:\ELEMENTS [2004.09.13 12:20:38 | 000,000,000 | ---D | M] -- C:\WINDOWS [2004.09.13 12:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2004.09.13 12:32:24 | 000,000,000 | ---D | M] -- C:\Programme [2006.08.25 14:21:04 | 000,000,000 | ---D | M] -- C:\BOOK [2006.08.25 14:21:18 | 000,000,000 | ---D | M] -- C:\Sysinfo [2006.08.29 10:59:16 | 000,000,000 | -HSD | M] -- C:\system volume information [2006.08.29 11:21:18 | 000,000,000 | ---D | M] -- C:\My Music [2006.12.15 05:37:44 | 000,000,000 | ---D | M] -- C:\Program Files [2006.12.15 05:38:56 | 000,000,000 | ---D | M] -- C:\Acer [2006.12.15 19:03:42 | 000,000,000 | -HSD | M] -- C:\Recycled [2006.12.26 19:11:44 | 000,000,000 | ---D | M] -- C:\KPCMS [2006.12.29 00:43:56 | 000,000,000 | ---D | M] -- C:\musik [2008.01.15 17:55:36 | 000,000,000 | ---D | M] -- C:\Games [2006.12.29 00:38:44 | 000,000,000 | R--D | M] -- C:\Eigene Musik [2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\scripts [2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\logs [2008.11.02 20:56:28 | 000,000,000 | ---D | M] -- C:\Belkin < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2005.04.07 19:47:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE [2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-16 15:56:59 < End of report > [/QUOTE] und die Extras.Txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\ART\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6945:TCP" = 6945:TCP:*:Enabled:League of Legends Launcher
"6945:UDP" = 6945:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher
"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\Programme\EA GAMES\MOHAA\MOHAA.exe" = C:\Programme\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)
"C:\WINDOWS\System32\java.exe" = C:\WINDOWS\System32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player Beta
"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe" = C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe:*:Enabled:xp2p
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe:*:Enabled:xp2p
"D:\Programme\EA GAMES\Battlefield 2\BF2.exe" = D:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"D:\Programme\Wolfenstein - Enemy Territory\ET.exe" = D:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe:*:Enabled:BF2
"C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE" = C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe:*:Enabled:NETDIS-WSDEVNTS-In-TCP-Java
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe:*:Disabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- ()
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe" = C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK -- ()
"D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Riot Games\League of Legends\lol.launcher.exe" = D:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FC2DFF2-D86A-4775-8940-4081D60B4E1C}" = Philips Firmware Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA396ABC-98AF-4F4A-B0F8-EB160DFF344B}" = Acer OrbiCam Utility Bar
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cb8abcef-9183-4de7-9b90-3443479441f2}_is1" = SampleDecks 1.9.0
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BBZ" = BBZ 4.12 30.10.2010
"BeobachtungZeugnis_is1" = BeobachtungZeugnis
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"hp deskjet 930c series_Driver" = hp deskjet 930c series
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3081
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.61.1250" = Opera 11.61
"PhotoFiltre" = PhotoFiltre
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer Basic
"Success 1.0" = Success 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueImage" = Acronis*TrueImage
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"xp-AntiSpy" = xp-AntiSpy 3.96-2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.02.2012 14:23:44 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3938
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7891
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11813
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11813
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29725031
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29725031
[ System Events ]
Error - 09.02.2012 13:13:25 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
0016CF9D054D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 09.02.2012 13:14:22 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 15.02.2012 11:10:54 | Computer Name = ACER-A9CE03BBC6 | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hp deskjet
930c series, Freigabename Drucker4.
Error - 16.02.2012 12:53:28 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.29 für die Netzwerkkarte mit der Netzwerkadresse
0016CF9D054D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 16.02.2012 21:22:04 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
0016CF9D054D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 18.02.2012 11:35:09 | Computer Name = ACER-A9CE03BBC6 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "USER-B13783889A",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B1C6B3C2-A7C-Transport zu sein
scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 18.02.2012 14:23:35 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
0016CF9D054D wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 18.02.2012 22:58:31 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 18.02.2012 23:17:35 | Computer Name = ACER-A9CE03BBC6 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 18.02.2012 23:19:54 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
< End of report >
[/QUOTE] Vielen Dank! Geändert von ricu123 (19.02.2012 um 04:43 Uhr) Grund: Verlinkung hat nicht funktioniert |
|
19.02.2012, 20:06
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | 50-€ Virus infiziert Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
19.02.2012, 23:41
| #3 | ||
| | 50-€ Virus infiziert nr1:
__________________Zitat:
nr2: Zitat:
|
|
20.02.2012, 10:34
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50-€ Virus infiziertZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.02.2012, 14:57
| #5 |
| | 50-€ Virus infiziert hi, weiss es leider nicht, soll ich es mal ausführen um zu sehen was es ist? |
|
20.02.2012, 15:29
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50-€ Virus infiziert Hallo?! Das Teil ist deinem Musikordner und du hast keine Ahnung wie das in "Rap-Musik" reinkommt?
__________________ --> 50-€ Virus infiziert |
|
20.02.2012, 15:33
| #7 |
| | 50-€ Virus infiziert Ums kurz zu sagen, ja. Ich informier mich mal im Internet was das sein könnte. gruß |
|
20.02.2012, 15:36
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50-€ Virus infiziertZitat:
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.02.2012, 18:48
| #9 |
| | 50-€ Virus infiziert Hi, hier die OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.02.2012 18:42:27 - Run 2 OTL by OldTimer - Version 3.2.33.1 Folder = C:\Dokumente und Einstellungen\Poppel\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,44 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 73,37% Memory free 2,72 Gb Paging File | 2,14 Gb Available in Paging File | 78,68% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 53,68 Gb Total Space | 2,47 Gb Free Space | 4,60% Space Free | Partition Type: FAT32 Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32 Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.20 18:41:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe PRC - [2012.02.19 21:42:42 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\RtkBtMnt.exe PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe PRC - [2006.06.28 12:24:30 | 000,348,160 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe PRC - [2006.04.27 12:10:10 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe ========== Modules (No Company Name) ========== MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ) SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) ========== Driver Services (SafeList) ========== DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver) DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver) DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport) DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport) DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15) DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam) DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit) DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP) DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps) DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K) DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data] IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036 IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) [2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions [2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com [2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml [2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB} [2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml [2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml [2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml ========== Chrome ========== O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found. O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found. O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found. O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( ) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.) O4 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "AntiVirService" MsConfig - Services: "AntiVirSchedulerService" MsConfig - StartUpReg: 557839895 - hkey= - key= - File not found MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe () MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found MsConfig - StartUpReg: portwexexe.exe - hkey= - key= - File not found MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error. SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - File not found Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.20 18:41:34 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe [2012.02.19 21:47:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent [2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi [2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies [2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner [2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe [2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe [2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe [2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe [2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.12.15 05:42:32 | 000,041,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2006.12.15 05:34:20 | 002,813,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== Files - Modified Within 30 Days ========== [2012.02.20 18:41:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe [2012.02.20 18:38:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job [2012.02.20 18:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.20 18:24:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.20 18:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.02.19 21:44:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2012.02.19 21:44:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2012.02.19 21:44:36 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb [2012.02.19 21:44:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.02.19 21:44:32 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb [2012.02.19 21:42:26 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.02.19 21:42:26 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml [2012.02.19 21:42:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job [2012.02.19 21:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.02.19 21:42:00 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys [2012.02.19 21:36:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm [2012.02.19 21:36:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg [2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt [2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt# [2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt [2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt [2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt [2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt [2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf [2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf [2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe [2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp [2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp [2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp [2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg [2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp [2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG [2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt [2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm [2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe [2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe [2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt [2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm [2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt ========== Files Created - No Company Name ========== [2012.02.19 21:44:51 | 000,000,268 | -H-- | C] () -- C:\sqmdata18.sqm [2012.02.19 21:44:51 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm [2012.02.19 21:36:19 | 000,000,268 | -H-- | C] () -- C:\sqmdata17.sqm [2012.02.19 21:36:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm [2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt [2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt [2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt [2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm [2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm [2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm [2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm [2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg [2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt# [2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt [2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm [2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm [2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf [2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf [2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp [2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp [2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp [2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg [2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp [2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG [2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt [2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt [2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm [2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm [2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt [2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm [2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm [2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt [2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd [2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll ========== LOP Check ========== [2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox [2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg [2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate [2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera [2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker [2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer [2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free [2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator [2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate [2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys [2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ [2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko [2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx [2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org [2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software [2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks [2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient [2012.02.19 21:42:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job [2012.02.20 18:38:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job [2012.02.20 18:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2004.09.13 12:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Identities [2006.08.29 11:21:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\You've Got Pictures Screensaver [2006.08.29 11:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\AOL [2008.04.14 04:22:46 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Microsoft [2006.12.15 05:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Macromedia [2006.12.15 19:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla [2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera [2006.12.15 19:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Lavasoft [2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker [2006.12.27 14:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CyberLink [2006.12.28 10:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Sun [2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer [2007.01.01 20:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Help [2007.01.20 16:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org2 [2007.06.17 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Google [2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free [2008.08.23 10:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\vlc [2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator [2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller [2008.11.25 20:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Adobe [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords [2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate [2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys [2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ [2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko [2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx [2010.11.28 22:05:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Malwarebytes [2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org [2010.11.28 23:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Avira [2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software [2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks [2011.03.09 17:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Apple Computer [2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient < %APPDATA%\*.exe /s > [2011.06.16 20:18:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2008.10.24 16:43:14 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVATA.SYS > [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2004.09.13 12:24:16 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [2004.09.13 12:24:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.09.13 12:24:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > gruß |
|
20.02.2012, 21:18
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50-€ Virus infiziert Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search-results.com/?l=dis&o=41648036
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.02.2012, 14:17
| #11 |
| | 50-€ Virus infiziert Hallo, bei diesem Eintrag: Code:
ATTFilter O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
Was soll ich jetzt tun? Gruß  |
|
21.02.2012, 15:47
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50-€ Virus infiziert Probier den FIx im abgesicherten Modus aus
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.02.2012, 19:26
| #13 |
| | 50-€ Virus infiziert Selbes Problem im abgesichterten Modus! Hab mal nachgeschaut die Datei mit dem Pfad (C:\Programme\Ask.com\GenericAskToolbar.dll) existiert garnicht? |
|
21.02.2012, 19:30
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 50-€ Virus infiziert Dann nimm mal nur diese Zeile raus dem Fixscript und probiers erneut
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.02.2012, 15:29
| #15 |
| | 50-€ Virus infiziert Musste jetzt: Code:
ATTFilter O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
Code:
ATTFilter O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Folder C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\ not found.
Folder C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com\ not found.
File C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\ not found.
File C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml not found.
File C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml not found.
File C:\Programme\mozilla firefox\searchplugins\zumie.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E859E13A-569E-463D-BE84-A259AD7DB843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E859E13A-569E-463D-BE84-A259AD7DB843}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found.
File C:\WINDOWS\system32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B99F805C-F0B1-48EA-8C8B-753BFCBED913} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B99F805C-F0B1-48EA-8C8B-753BFCBED913}\ not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\WINDOWS\system32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXQKefG\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awttqnMe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
File F:\Windows\CHECK\DriveNavigator.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\ not found.
File F:\Toshiba\more4you.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg folder moved successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko folder moved successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: All Users
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35993 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1057171 bytes
->FireFox cache emptied: 0 bytes
User: Poppel
->Temp folder emptied: 48740456 bytes
->Temporary Internet Files folder emptied: 7433580 bytes
->Java cache emptied: 300221 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6052679 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 56972 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840818 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 62,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.33.1 log created on 02222012_152838
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_9a8.dat moved successfully.
Registry entries deleted on Reboot...
|
|
| Themen zu 50-€ Virus infiziert |
| 0x00000001, 0xc0000001, 7-zip, antivir, askbar, avira, bho, bildschirm, blockiert, bonjour, dateisystem, desktop, document, error, explorer, fehler, firefox, format, frage, heuristiks/extra, heuristiks/shuriken, home, internet browser, launch, league of legends, logfile, plug-in, pup.zwangi, realtek, registry, rundll, safer networking, schutz, schwarzer bildschirm, security update, software, studio, temp, torrent.exe, udp, version=1.0, virus, windows internet, winlogon.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
