Pests of all kinds and how to fight them: AntiVir detection "TR\Spy.Gen" cannot be deleted
Windows 7
If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
11.05.2012, 20:07 | #1 |
AntiVir detection "TR\Spy.Gen" cannot be deleted

Hello. My computer reported a file in the AppData\Roaming folder that is apparently supposed to be the Trojan Spy.Gen. AntiVir tried to delete the file, but that did not work. After a little Internet research I first ran the full scan of Malwarebytes. It had 8 detections and was apparently able to delete all of them after a restart. At least the quick scan after the restart had no more detections.

I tried to follow the rules, but unfortunately I could not do this dds download. Maybe because I am currently on the university network. I ran Defogger. It did not ask for a restart.

Unfortunately I cannot give the exact details from AntiVir, because I do not know where to get them from now. After the restart required by Malwarebytes it no longer shows the detection. Instead there are two new ones, which apparently could be fixed. At least they were each shown only once and not again and again like Spy.Gen. Unfortunately I did not note down the names and the location just now.

I will try to attach the Malwarebytes log files and hope that I can be helped. Maybe the computer is already clean again, but it says everywhere here that the computer is not necessarily clean when nothing more is found. Please tell me what is missing, if anything is missing, in order to help me.
Best regards and thanks in advance,
Steini

---Log file directly after the scan---

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

11.05.2012 18:33:25
mbam-log-2012-05-11 (20-20-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372925
Laufzeit: 1 Stunde(n), 43 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\casinoaction.exe (PUP.Casino.Gen) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

---Log file after I ticked all detections and then clicked the Remove button---

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

11.05.2012 18:33:25
mbam-log-2012-05-11 (18-33-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372925
Laufzeit: 1 Stunde(n), 43 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\casinoaction.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)

---Log file after the quick scan following the restart---

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

11.05.2012 20:35:02
mbam-log-2012-05-11 (20-35-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206246
Laufzeit: 10 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
11.05.2012, 22:23 | #2 |
/// Helper team | AntiVir detection "TR\Spy.Gen" cannot be deleted

Hello and a warm welcome!

Before we begin working together, [please read completely]:
Quote:
Quote:

► In the first part of the 3-part procedure, we will examine your system for viruses or look for another cause:

For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. System scan with OTL
Please download OTL by Oldtimer and save it to your desktop.

2. To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
Quote:

** If possible, do not go on the Internet: no online banking, file sharing, chat programs, etc.

Regards,
kira
__________________
12.05.2012, 15:40 | #3 |
AntiVir detection "TR\Spy.Gen" cannot be deleted

OTL logfile:
[2012.04.16 03:09:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2012.04.16 03:09:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.04.16 03:09:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.04.16 03:09:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.04.16 03:09:18 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.04.16 03:09:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.04.16 03:09:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.04.16 03:09:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.04.16 03:09:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.04.16 03:09:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.04.16 03:09:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2012.04.16 03:09:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.04.16 03:09:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.04.16 03:09:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.04.16 03:09:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.04.16 03:09:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.04.16 03:09:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.04.16 03:09:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.04.16 03:09:16 | 000,091,648 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.04.16 03:09:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.04.16 03:09:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.04.16 03:09:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.04.16 03:09:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.04.16 03:09:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.04.16 03:09:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.04.16 03:09:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.04.16 03:09:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.04.16 03:09:14 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.04.16 03:09:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.04.16 03:09:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.04.16 03:09:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.04.16 03:09:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.04.16 03:09:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.04.16 03:09:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.04.16 03:09:13 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.04.16 03:09:13 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.04.16 03:09:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe 
[2012.04.16 03:09:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.04.16 03:09:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.04.16 03:06:46 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll [2012.04.16 03:06:45 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll [2012.04.16 03:06:45 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll [2012.04.16 03:06:45 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll [2012.04.16 03:06:44 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2012.04.16 03:06:44 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2012.04.16 03:06:44 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2012.04.16 03:06:44 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2012.04.16 03:06:44 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2012.04.16 03:06:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2012.04.16 03:06:44 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2012.04.16 03:06:43 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2012.04.16 03:06:43 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2012.04.16 03:06:43 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll [2012.04.16 03:06:42 | 000,748,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\stobject.dll [2012.04.16 03:06:36 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012.04.16 03:06:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2012.04.16 03:06:32 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.04.16 03:06:31 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2012.04.16 03:06:31 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2012.04.16 03:06:30 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2012.04.16 03:06:30 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2012.04.16 03:06:30 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2012.04.16 03:06:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2012.04.16 03:06:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2012.04.16 03:06:29 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2012.04.16 03:06:29 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2012.04.16 03:06:29 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2012.04.16 03:06:29 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012.04.16 03:06:27 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2012.04.16 03:06:27 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.04.16 03:06:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.04.16 03:06:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\XpsRasterService.dll [2012.04.13 09:42:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.04.13 09:42:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012.04.13 09:42:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ] [1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.12 16:19:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.12 16:17:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe [2012.05.12 16:16:12 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.12 16:16:12 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.12 16:06:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.12 16:06:01 | 000,406,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.12 16:05:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.11 21:56:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.11 20:36:29 | 000,000,000 | ---- | M] () -- C:\Users\acer\defogger_reenable [2012.05.11 19:44:59 | 000,050,477 | ---- | M] () -- C:\Users\acer\Desktop\Defogger.exe [2012.05.11 18:57:49 | 000,007,360 | ---- | M] () -- C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll [2012.05.11 18:57:48 | 000,218,592 | ---- | M] () -- C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll [2012.05.11 18:05:10 | 000,000,016 | ---- | M] () -- C:\Users\acer\AppData\Roaming\blckdom.res [2012.05.10 14:50:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google 
Software Updater.job [2012.05.05 15:09:37 | 000,000,680 | ---- | M] () -- C:\Users\acer\AppData\Local\d3d9caps.dat [2012.05.03 14:21:10 | 000,000,668 | ---- | M] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk [2012.05.01 21:49:49 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.01 21:49:49 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.01 21:49:49 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.01 21:49:49 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.01 21:49:49 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2012.04.16 03:09:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.04.16 03:09:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.04.16 03:09:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.04.16 03:09:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.04.16 03:09:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.04.16 03:09:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.04.16 03:09:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.04.16 03:09:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.04.16 03:09:29 | 
000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.04.16 03:09:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.04.16 03:09:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.04.16 03:09:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.04.16 03:09:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.04.16 03:09:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.04.16 03:09:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.04.16 03:09:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.04.16 03:09:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.04.16 03:09:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.04.16 03:09:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.04.16 03:09:25 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.04.16 03:09:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.04.16 03:09:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.04.16 03:09:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.04.16 03:09:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.04.16 03:09:24 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.04.16 03:09:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2012.04.16 03:09:24 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.04.16 03:09:24 | 
000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.04.16 03:09:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.04.16 03:09:18 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.04.16 03:09:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.04.16 03:09:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.04.16 03:09:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.04.16 03:09:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.04.16 03:09:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.04.16 03:09:17 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.04.16 03:09:17 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2012.04.16 03:09:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.04.16 03:09:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.04.16 03:09:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.04.16 03:09:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.04.16 03:09:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.04.16 03:09:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.04.16 03:09:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.04.16 03:09:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.04.16 03:09:15 | 003,695,416 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.04.16 03:09:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.04.16 03:09:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.04.16 03:09:15 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.04.16 03:09:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.04.16 03:09:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.04.16 03:09:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.04.16 03:09:14 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.04.16 03:09:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.04.16 03:09:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.04.16 03:09:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.04.16 03:09:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.04.16 03:09:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.04.16 03:09:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.04.16 03:09:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.04.16 03:09:13 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.04.16 03:09:13 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.04.16 03:09:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.04.16 03:09:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.04.16 03:09:12 | 000,065,024 | ---- | 
M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.04.16 03:06:46 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll [2012.04.16 03:06:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll [2012.04.16 03:06:45 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll [2012.04.16 03:06:45 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll [2012.04.16 03:06:44 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2012.04.16 03:06:44 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2012.04.16 03:06:44 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2012.04.16 03:06:44 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2012.04.16 03:06:44 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2012.04.16 03:06:44 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2012.04.16 03:06:44 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2012.04.16 03:06:43 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2012.04.16 03:06:43 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2012.04.16 03:06:43 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll [2012.04.16 03:06:42 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2012.04.16 03:06:36 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll 
[2012.04.16 03:06:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2012.04.16 03:06:32 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.04.16 03:06:31 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2012.04.16 03:06:31 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2012.04.16 03:06:30 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2012.04.16 03:06:30 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2012.04.16 03:06:30 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2012.04.16 03:06:30 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2012.04.16 03:06:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2012.04.16 03:06:29 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2012.04.16 03:06:29 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2012.04.16 03:06:29 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2012.04.16 03:06:29 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012.04.16 03:06:27 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2012.04.16 03:06:27 | 001,653,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.04.16 03:06:27 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.04.16 03:06:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ] [1 
C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.11 20:36:29 | 000,000,000 | ---- | C] () -- C:\Users\acer\defogger_reenable
[2012.05.11 19:44:58 | 000,050,477 | ---- | C] () -- C:\Users\acer\Desktop\Defogger.exe
[2012.05.11 18:57:49 | 000,007,360 | ---- | C] () -- C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll
[2012.05.11 18:57:48 | 000,218,592 | ---- | C] () -- C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll
[2012.05.03 14:21:10 | 000,000,668 | ---- | C] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk
[2012.04.16 11:38:03 | 000,000,016 | ---- | C] () -- C:\Users\acer\AppData\Roaming\blckdom.res
[2012.04.16 03:09:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.16 03:09:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.07.23 00:00:29 | 000,000,157 | ---- | C] () -- C:\Users\acer\AppData\Local\svc2dll.dat
[2010.10.11 15:17:03 | 000,001,490 | ---- | C] () -- C:\Users\acer\AppData\Local\RecConfig.xml
[2010.07.14 22:24:16 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 12.05.2012 16:19:18 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\acer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,65% Memory free
7,71 Gb Paging File | 5,91 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,49 Gb Free Space | 25,97% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 6A 45 96 C7 D7 E9 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

==========
Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0367972A-A65B-4881-AA28-9EDC069912DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{087B8FE2-7311-4BEB-AF0C-524FF1A46BC3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0E958350-E963-4F88-83E7-0D40B069A753}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1065F5E4-FA1F-41F7-BC46-62489EADEB43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1103CDFE-340E-4B04-8B9D-FF73CAB71EF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{12C3DFD2-0CCC-4578-BC87-CB53A9A70376}" = lport=10243 | protocol=6 | dir=in | app=system | "{1BE4D439-C335-46BA-90CD-001C1E853A83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1F13C911-0825-41D4-AB92-D6803415CA5A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{211DD3B1-2FB3-4C81-95EE-5ED5843C2E97}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{23D51A42-3087-4749-AC79-AD9568D5DAE4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{26D3E49D-17BB-40A9-88AF-05E68788107A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{29A6A1E1-242C-4297-B30C-4F216A86B99B}" = lport=2869 | protocol=6 | dir=in | app=system | "{3841F094-016F-4C57-B820-469E22E395B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3F986C0C-18A5-4C55-B97D-3B1F9EA6CCA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F0DB38F-58D5-498E-845D-974A3C8956DC}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5CD9C156-13A1-40F8-A47E-98839629D251}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65A261CE-8829-44A5-8883-3B40CAE971C3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6D46504E-1CF1-4B10-9DD2-4E0FD336C0F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8C384D40-5A07-4741-A04A-CB187039EF18}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{ADD0EB09-AFE8-4E0C-ACC9-0991AD1EFCB4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B0FD0234-E7CF-47FE-8C9D-3EB17E0E88DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CEE2329E-FED4-4596-BC6C-460B474E7FAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D9E40563-7FAB-44F7-BA9A-AEA99F35D388}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DEC07AC9-C66E-4515-A38F-72527DED8CE4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E4821BAA-5FE4-467D-8FF4-CB8A2FF54933}" = rport=10243 | protocol=6 | dir=out | app=system | "{F0731AB7-C349-4EB9-9C46-1DF578A88057}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{191325D0-44BE-438C-AA78-5A0654026C0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1CD918CC-4E73-42BC-9B47-CFF84EE6A51A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1EF07557-7EF0-4E39-A4E8-7CF99C0F247E}" = protocol=17 | dir=in | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{205625EC-E620-40E9-B174-27D447181F26}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2C467438-9209-48CA-98EC-FE2B1DB998F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3EF14FC6-40F1-4F6A-9174-6D75A071A6C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{631A91B2-28F3-4175-B877-F3B9A6C78220}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{650A51D9-ABAC-44E2-98C0-FE0D2702BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6D6BDD67-821B-4149-93B9-F8D0F3A85B69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{837966C1-997D-4CA9-8AD7-4618511D728D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{871833A3-641A-41CC-BEAF-27DAAD719F95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8A3728FB-C768-4F02-B961-22155279D501}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8B99D4C6-B5CB-484B-B502-2E29F92E9A69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D90A929-E530-40D8-8210-CB49B3DAEFA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8F889015-0A29-4928-869B-308FF2FF2033}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{94774BE6-6DD9-4798-9A1A-B626A35B5617}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{95C53F17-C83A-4419-8827-DAEAB33346FD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat | "{9C326B71-50C7-4672-900A-C39E5E3E3331}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{A0EC8EAF-4CA0-430D-A001-E08636AF8B39}" = protocol=6 | dir=out | app=system | "{A4608754-6906-494C-A03D-247014461D13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A8123C92-18EB-4E7C-9E7D-CF67388E38D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B06CB572-4ED7-4B7C-859A-C9FCB0AEC629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B0BE8C01-B63E-4D34-9991-42F9C8FF70FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{B9FFCCA9-4396-4D3C-9CD5-EF5B8B2D2A84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DA7647EF-B7A0-4E67-84C1-892425B0FF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{DBFDFAF3-09CC-45DA-9B51-6A8313DDC256}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA2AA23-D2B4-4C16-8945-C888E2574FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7C5729F-3FE8-4506-B97C-831E949DB5F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{0BDBCA74-E9B3-4E2C-9F10-73BF835ED5F6}C:\users\acer\appdata\local\svc2dll.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | "TCP Query User{35A5C973-0B7B-4AAF-A865-130C32BD1C33}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "TCP Query User{3B0844EB-C79E-4687-82DB-F7089F7F8F81}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{4066F300-7E2D-46E2-A7EC-CA563336FE00}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | "TCP Query User{662F7447-984B-481C-ABE3-9E5C701E63CE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | 
app=c:\program files\sopcast\sopcast.exe | "TCP Query User{8FDAD9FC-0CA3-401A-96DD-3EB0D53849C2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{92F530D4-69D3-4808-B834-3CEE09196915}C:\users\acer\appdata\local\svc2dll.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | "TCP Query User{CC37F4F8-8D81-4F34-BEB7-4EAE050F29AB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{D0DCE4DF-DBBF-43A5-827B-44B103E1C7CC}C:\program files (x86)\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare\bearshare.exe | "TCP Query User{F028F91B-4F20-47D5-A598-A21CABE4E856}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | "UDP Query User{12D7DDB4-BE7E-4399-9E37-0E583EDB2249}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{2E46EB0E-6D92-47F8-8C7F-A4766EC0A811}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | "UDP Query User{375839FF-83D6-4EA8-97E1-6D2A4A9C8883}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{47AD530C-5E3B-4C45-B2FB-033454FD5FA7}C:\program files (x86)\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare\bearshare.exe | "UDP Query User{61A8D2B4-7D0A-4B00-B66F-C52EE1356175}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | "UDP Query User{660E7F48-D95E-40F9-ABBA-1FBB40E7F52A}C:\program 
files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{6E3E09AD-7FB1-49F5-BCFD-9419C82BD2F8}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | "UDP Query User{84CDE5AE-C145-4374-8AAE-36F74CF3D5C1}C:\users\acer\appdata\local\svc2dll.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | "UDP Query User{CC52662B-B256-4578-AB4B-2A075F0A995E}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{D5CE957F-DE5E-4D3F-B58C-0B204EEAD221}C:\users\acer\appdata\local\svc2dll.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{5840FB7C-D53A-C906-4051-536F6621F3C6}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{A116AC61-8223-C019-9F66-2FEBA27A9ABE}" = ccc-utility64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "doPDF 7 printer_is1" = doPDF 7.1 printer "FinePrint" = FinePrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = 
Microsoft .NET Framework 3.5 SP1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX "{08A1400E-E040-1C31-2E90-49ADACDCE8FF}" = Catalyst Control Center Graphics Light "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter Mobile "{18F04681-FCB2-602E-DB5E-302F65268FBE}" = ccc-core-static "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212BB5C2-A702-6A1B-A964-C672D94B467D}" = Catalyst Control Center InstallProxy "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 30 "{3060F83F-3A04-DCD1-3BC4-35EC73164AF1}" = CCC Help English "{3D3AFDE9-A3F1-4F1C-434A-9BC75604CE9D}" = Catalyst Control Center Graphics Full Existing "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{662E830F-830E-1644-9469-607CA1814F4F}" = Catalyst Control Center Core Implementation "{6804F085-58B9-8E92-CB0F-769F730F0185}" = Catalyst Control Center Graphics Previews Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CDA6D95-78B3-B62C-4E25-2E24883749E1}" = Catalyst Control Center Graphics Previews Vista "{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 
8.0.50727.4053 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D48818BC-744E-A732-BA1B-59043861F445}" = Catalyst Control Center Graphics Full New "{D6987225-AECA-91BC-FA4B-9A2D812BF9D3}" = Catalyst Control Center HydraVision Full "{DD9E3191-A37E-8A0D-D5A6-5D3C5A8AACBF}" = Skins "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers "7-Zip" = 7-Zip 4.65 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FL Studio 9" = FL Studio 9 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9 "Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.10.423 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.10.423 "Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923 "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.3.923 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423 "Google Updater" = Google Updater "Hardcore" = Hardcore "IL Download Manager" = IL Download Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 
(x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "PoiZone" = PoiZone "RealAlt_is1" = Real Alternative 2.0.2 "Sawer" = Sawer "Toxic Biohazard" = Toxic Biohazard "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "YTdetect" = Yahoo! Detect "Zattoo4" = Zattoo4 4.0.4 ========== Last 10 Event Log Errors ========== [ OSession Events ] Error - 20.05.2009 06:31:18 | Computer Name = acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 26.05.2009 17:46:38 | Computer Name = acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 11.05.2012 12:16:05 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.05.2012 12:16:05 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.05.2012 12:20:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.05.2012 12:20:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.05.2012 12:21:29 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.05.2012 12:21:29 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.05.2012 12:23:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.05.2012 12:23:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.05.2012 12:23:44 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.05.2012 12:23:44 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
ATTFilter 7-Zip 4.65 27.04.2010 3,13MB Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.11.2011 2,96MB 10.3.181.26 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 10.10.2011 11.0.1.152 Adobe Reader 9 - Deutsch Adobe Systems Incorporated 22.02.2009 232MB 9.0.0 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 22.02.2010 11.5.6.606 ATI Catalyst Install Manager ATI Technologies, Inc. 19.05.2009 18,2MB 3.0.715.0 Avira AntiVir Personal - Free Antivirus Avira GmbH 02.04.2012 132,1MB 10.2.0.707 CCleaner Piriform 11.05.2012 8,97MB 3.18 CDBurnerXP CDBurnerXP 26.04.2010 12,1MB 4.3.1.2101 DivX Codec DivX, Inc. 23.04.2011 1,31MB 6.8.5 DivX Converter DivX, Inc. 16.11.2010 37,1MB 7.0.0 DivX Converter Mobile DivX, Inc. 19.11.2010 43,4MB 1.0.0 DivX Player DivX, Inc. 23.04.2011 8,41MB 7.2.0 DivX Plus DirectShow Filters DivX, Inc. 23.04.2011 1,22MB DivX Web Player DivX,Inc. 23.04.2011 2,53MB 1.5.0 DivX-Setup DivX, LLC 23.04.2011 2,13MB 2.5.0.8 doPDF 7.1 printer Softland 14.08.2010 4,94MB FinePrint 03.01.2011 FL Studio 9 Image-Line 10.03.2010 416MB Free Mp3 Wma Converter V 1.9 Koyote Soft 19.02.2010 5,20MB 1.9.0.0 Free MP4 Video Converter version 5.0.10.423 DVDVideoSoft Ltd. 30.04.2012 14,5MB 5.0.10.423 Free Video to MP3 Converter version 5.0.10.423 DVDVideoSoft Ltd. 30.04.2012 14,5MB 5.0.10.423 Free YouTube Download version 3.0.16.923 DVDVideoSoft Ltd. 28.09.2011 5,04MB Free YouTube to DVD Converter version 3.0.3.923 DVDVideoSoft Ltd. 28.09.2011 5,14MB Free YouTube to MP3 Converter version 3.11.20.423 DVDVideoSoft Ltd. 30.04.2012 3,38MB 3.11.20.423 Gigaflat Bitrockers Inc. 19.02.2010 74,1MB Google Earth Google 05.12.2011 92,8MB 6.1.0.5001 Google Updater Google Inc. 10.05.2010 3,60MB 2.4.1739.5352 Hardcore Image-Line 10.03.2010 7,34MB IL Download Manager Image-Line 10.03.2010 4,27MB Java(TM) 6 Update 30 Sun Microsystems, Inc. 
15.04.2009 94,5MB 6.0.300 LG USB Modem Drivers LG Electronics 05.01.2011 1,02MB 4.9.4 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 10.05.2012 11,7MB 1.61.0.1400 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 02.05.2010 42,1MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 13.05.2009 32,4MB Microsoft Office Enterprise 2007 Microsoft Corporation 09.04.2012 1,11MB 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 10.05.2012 7,95MB 14.0.5130.5003 Microsoft Office Live Add-in 1.5 Microsoft Corporation 07.05.2012 0,49MB 2.0.4024.1 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 30.07.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08.12.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 19.05.2009 0,68MB 8.0.61000 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 22.05.2011 0,56MB 8.0.51011 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 25.08.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 23.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.08.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 28.11.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 0,58MB 9.0.30729.6161 Mozilla Firefox 11.0 (x86 de) Mozilla 14.04.2012 41,4MB 11.0 Mozilla Thunderbird 12.0.1 (x86 de) Mozilla 09.05.2012 39,7MB 12.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.03.2010 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 08.03.2010 1,34MB 4.20.9876.0 Opera 11.01 Opera Software ASA 26.01.2011 28,1MB 11.01 PoiZone Image-Line 
10.03.2010 10,1MB QuickTime Apple Inc. 19.12.2010 73,7MB 7.69.80.9 Real Alternative 2.0.2 07.06.2010 21,8MB 2.0.2 Sawer Image-Line 10.03.2010 8,77MB Skype™ 4.0 Skype Technologies S.A. 06.03.2009 32,0MB 4.0.206 Toxic Biohazard Image-Line 10.03.2010 10,6MB Uninstall 1.0.0.1 05.08.2010 30,8MB VLC media player 0.9.8a VideoLAN Team 22.02.2009 60,9MB 0.9.8a WinZip 14.0 WinZip Computing, S.L. 10.03.2010 17,7MB 14.0.8708 Zattoo4 4.0.4 Zattoo Inc. 07.03.2010 40,2MB 4.0.4 |
12.05.2012, 20:11 | #4 | ||
/// Helper team | AntiVir detection "TR\Spy.Gen" cannot be deleted System cleanup and check:
1. Turn off Windows Defender: Alongside one AV scanner and one firewall it is not needed at all, and running it actively is not recommended, because the tools can get in each other's way. Please deactivate it as follows: -> Turning Windows Defender on and off ► After a restart (if it still exists), go to "Start -> Run -> "msconfig" (type it without the quotes) -> OK -> Startup" and check whether it is still running; if so, remove the check mark ► Under Services: Start -> Run -> "Services.msc" (type it without the quotes) -> OK -> "Properties" -> select startup type "Disabled"
2. Was installed at some point...: Code:
Bearshare
Quote:
Besides, it is not only Trojan horses or other types of virus that need a direct connection: µtorrent and the like also "phone home", even though there is no proof of this yet (at least not in every case), and I would not recommend allowing such clients! As long as you have such programs on your PC, you will keep running into problems of one kind or another!
3. Quote:
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.05.10 09:09:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\Shell - "" = AutoRun
O33 - MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{dba2c640-8110-11de-ba0f-00163689a870}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{fc191942-093d-11df-a274-00163689a870}\Shell\AutoRun\command - "" = w9hw8.exe
O33 - MountPoints2\{fc191942-093d-11df-a274-00163689a870}\Shell\open\Command - "" = w9hw8.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
[2012.05.12 16:19:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 16:06:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{35A5C973-0B7B-4AAF-A865-130C32BD1C33}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" =-
"TCP Query User{D0DCE4DF-DBBF-43A5-827B-44B103E1C7CC}C:\program files (x86)\bearshare\bearshare.exe" =-
"UDP Query User{2E46EB0E-6D92-47F8-8C7F-A4766EC0A811}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" =-
"UDP Query User{47AD530C-5E3B-4C45-B2FB-033454FD5FA7}C:\program files (x86)\bearshare\bearshare.exe" =-
:Files
C:\Users\acer\AppData\Roaming\11023
C:\Users\acer\AppData\Roaming\11022
C:\Users\acer\AppData\Roaming\UAs
C:\Users\acer\AppData\Roaming\11021
C:\Users\acer\AppData\Roaming\11019
C:\Users\acer\AppData\Roaming\11019
C:\Users\acer\AppData\Roaming\11013
C:\Users\acer\AppData\Roaming\xmldm
C:\Users\acer\AppData\Roaming\kock
C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll
C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. Your Java version is out of date! Because old security holes make Java very vulnerable, first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java ("Recommended Version 6 Update 32") from Oracle. Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!
5. Update Adobe Reader: - Pay attention and read along during installation!: If any software, toolbar, etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for updates..."
6. Tips (regardless of whether you use Internet Explorer or not!): -> Tips for Internet Explorer -> Change the default search engine of the Explorer -> How can I clear the cache in Internet Explorer?
7. Clean your system with CCleaner:
8.
9. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data saved on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ► Instructions
10. -> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<<
11. Run another scan with OTL:
► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
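The firewall exception list in the OTL log earlier in the thread, from which the :Reg section of the fix above deletes the BearShare rules, can be triaged mechanically. The following is an added example, not part of the thread or of OTL: it parses OTL's `"name" = key=value | ...` rule entries and lists inbound rules whose executable lies outside the usual install directories, as candidates for manual review rather than as a verdict. The function names, the list of trusted roots and the assumption that the system drive is C: are illustrative choices; the sample entries are copied from the log on this page.

```python
import re
from collections import defaultdict

# One rule entry as OTL prints it: "<rule name>" = key=value | key=value | ...
# Every field ends with a pipe, which also separates entries in flattened logs.
RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>(?:[^"|]*\|\s*)+)')

PROTO = {"6": "TCP", "17": "UDP"}  # IP protocol numbers used in the log

# Assumption: directories that normally require administrator rights to write
# to, with C: as the system drive. Adjust for the machine under review.
TRUSTED_ROOTS = (
    "%systemroot%\\",
    "%programfiles%\\",
    "%programfiles(x86)%\\",
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Entries copied from the OTL log on this page (one per line here).
SAMPLE = r'''
"{650A51D9-ABAC-44E2-98C0-FE0D2702BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B9FFCCA9-4396-4D3C-9CD5-EF5B8B2D2A84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8123C92-18EB-4E7C-9E7D-CF67388E38D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{0BDBCA74-E9B3-4E2C-9F10-73BF835ED5F6}C:\users\acer\appdata\local\svc2dll.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe |
"UDP Query User{84CDE5AE-C145-4374-8AAE-36F74CF3D5C1}C:\users\acer\appdata\local\svc2dll.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe |
"TCP Query User{3B0844EB-C79E-4687-82DB-F7089F7F8F81}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
'''


def parse_rules(text):
    """Return one dict per firewall rule entry found in OTL log text."""
    rules = []
    for match in RULE_RE.finditer(text):
        fields = {}
        for part in match.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.lower()] = value.strip()
        # Skip anything that matched the shape but names no program or service.
        if "app" in fields or "svc" in fields:
            rules.append({"name": match.group("name"), **fields})
    return rules


def inbound_outside_trusted_roots(rules):
    """Map each executable that accepts inbound traffic from a path outside
    TRUSTED_ROOTS to the sorted list of protocols its rules allow."""
    flagged = defaultdict(set)
    for rule in rules:
        app = rule.get("app", "").lower()
        if rule.get("dir") != "in" or not app:
            continue
        if app == "system" or app.startswith(TRUSTED_ROOTS):
            continue
        # A rule without a protocol field applies to any protocol.
        flagged[app].add(PROTO.get(rule.get("protocol"), "any"))
    return {app: sorted(protos) for app, protos in flagged.items()}


if __name__ == "__main__":
    for app, protos in inbound_outside_trusted_roots(parse_rules(SAMPLE)).items():
        print(f"review: {app} (inbound {', '.join(protos)})")
```

A path under Program Files is not proof that a program is wanted, as the BearShare rules removed by the fix show; the check only narrows down which entries to look at first.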
15.05.2012, 09:28 | #5 |
| AntiVir detection "TR\Spy.Gen" cannot be deleted 1. OTL log: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\META-INF folder moved successfully. 
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com folder moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ not found. File E:\USBAutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{774739f5-ecc5-11de-9f29-00163689a870}\ not found. File G:\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{774739f5-ecc5-11de-9f29-00163689a870}\ not found. File rundll32.exe .\desktop.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba2c640-8110-11de-ba0f-00163689a870}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba2c640-8110-11de-ba0f-00163689a870}\ not found. File WDSetup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc191942-093d-11df-a274-00163689a870}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc191942-093d-11df-a274-00163689a870}\ not found. File w9hw8.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc191942-093d-11df-a274-00163689a870}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc191942-093d-11df-a274-00163689a870}\ not found. File w9hw8.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\USBAutoRun.exe not found. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35A5C973-0B7B-4AAF-A865-130C32BD1C33}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe not found. 
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D0DCE4DF-DBBF-43A5-827B-44B103E1C7CC}C:\program files (x86)\bearshare\bearshare.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2E46EB0E-6D92-47F8-8C7F-A4766EC0A811}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{47AD530C-5E3B-4C45-B2FB-033454FD5FA7}C:\program files (x86)\bearshare\bearshare.exe not found. ========== FILES ========== C:\Users\acer\AppData\Roaming\11023\components folder moved successfully. C:\Users\acer\AppData\Roaming\11023 folder moved successfully. C:\Users\acer\AppData\Roaming\11022\components folder moved successfully. C:\Users\acer\AppData\Roaming\11022 folder moved successfully. C:\Users\acer\AppData\Roaming\UAs folder moved successfully. C:\Users\acer\AppData\Roaming\11021\components folder moved successfully. C:\Users\acer\AppData\Roaming\11021 folder moved successfully. C:\Users\acer\AppData\Roaming\11019\components folder moved successfully. C:\Users\acer\AppData\Roaming\11019 folder moved successfully. File\Folder C:\Users\acer\AppData\Roaming\11019 not found. C:\Users\acer\AppData\Roaming\11013\components folder moved successfully. C:\Users\acer\AppData\Roaming\11013 folder moved successfully. C:\Users\acer\AppData\Roaming\xmldm folder moved successfully. C:\Users\acer\AppData\Roaming\kock folder moved successfully. C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll moved successfully. File\Folder C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\acer\Desktop\cmd.bat deleted successfully. 
C:\Users\acer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1491078 bytes
->Java cache emptied: 72928166 bytes
->FireFox cache emptied: 54504009 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1882322 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 73586508 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 195,00 mb
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_153052
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/14/2012 at 06:30 PM
Application Version : 5.0.1148
Core Rules Database Version : 8590
Trace Rules Database Version: 6402
Scan type : Complete Scan
Total Scan Time : 01:56:56
Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User
Memory items scanned : 623
Memory threats detected : 0
Registry items scanned : 64588
Registry threats detected : 0
File items scanned : 57453
File threats detected : 3
Adware.Tracking Cookie
.olympiaverlag.122.2o7.net [ C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\COOKIES.SQLITE ]
track.webtrekk.de [ C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\COOKIES.SQLITE ]
Trojan.Agent/Gen-Krpytik
C:\USERS\ACER\VIDEOS\GIGAFLAT\COMMAND AND CONQUER - ALARMSTUFE ROT 3 DER AUFSTAND\EXTRACTED\KEYGEN.EXE
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a2e35c8d7533b345b2a970efc0ba44a2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 10:29:26
# local_time=2012-05-15 12:29:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 266555 111923850 24472 0
# compatibility_mode=5892 16776574 100 56 63233457 174551192 0 0
# compatibility_mode=8192 67108863 100 0 473 473 0 0
# scanned=174910
# found=2
# cleaned=2
# scan_time=7280
C:\Users\acer\Downloads\Setup19_FreeConverter.exe Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05142012_153052\C_Users\acer\AppData\Roaming\BAcroIEHelpe120.dll a variant of Win32/Spy.Banker.XSL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.05.2012 09:36:37 - Run 2 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\acer\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,42% Memory free 7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,88 Gb Total Space | 67,01 Gb Free Space | 28,77% Space Free | Partition Type: NTFS Computer Name: ACER-PC | User Name: acer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.12 16:17:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe PRC - [2012.04.15 19:51:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.01 23:24:57 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 21:21:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.11.30 22:53:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files 
(x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe ========== Modules (No Company Name) ========== MOD - [2012.04.15 19:51:56 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla\Firefox\mozjs.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2009.02.25 23:34:02 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.01 23:24:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 21:21:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft 
Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011.07.01 23:24:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.01 23:24:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.07.14 22:20:18 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys -- (AF15BDA) DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.09.05 14:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr) DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.04.11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2009.02.26 01:00:20 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV:64bit: - [2009.02.26 01:00:20 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.01.21 04:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV) DRV:64bit: - [2008.01.21 04:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf) DRV:64bit: - [2008.01.21 04:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL) DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64) DRV - [2010.02.08 14:01:11 | 000,024,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\NinjaUSB.sys -- (NinjaUSB) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ecosia" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.hotmail.com" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.04.15 19:51:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.05.14 16:22:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.05.10 13:59:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\acer\AppData\Roaming\11023 [2010.12.20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions [2010.12.20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.14 15:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions [2010.07.16 14:05:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.29 22:23:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.16 00:43:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- 
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.03 14:55:19 | 000,002,361 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6lqgvnj2.default\searchplugins\ecosia.xml [2012.05.07 18:52:59 | 000,008,130 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6lqgvnj2.default\searchplugins\moviepilot.xml [2012.05.03 14:02:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\ATI\Update\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - 
C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149947A4-F016-49BC-A41C-3B369D5D0067}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DC895A-DA8A-4E4D-9E93-81090B43754A}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - 
Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.14 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\SUPERAntiSpyware.com [2012.05.14 16:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.05.14 16:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.05.14 16:20:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.14 16:20:54 | 000,000,000 | ---D | C] -- 
C:\ProgramData\SUPERAntiSpyware.com [2012.05.14 16:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.05.14 16:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.05.14 16:18:36 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.05.14 16:18:36 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 16:18:18 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 16:18:18 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.05.14 15:30:52 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.12 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.05.12 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.05.12 16:35:43 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\acer\Desktop\ccsetup318.exe [2012.05.12 16:17:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe [2012.05.11 18:24:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Malwarebytes [2012.05.11 18:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.11 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.11 18:24:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.11 18:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.10 11:36:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll [2012.05.10 11:36:32 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 11:36:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2012.05.10 11:36:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d2d1.dll [2012.05.10 11:36:31 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2012.05.10 11:36:31 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2012.05.10 11:36:12 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.08 17:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.05.08 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.05.02 07:56:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.05.02 07:56:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.05.02 07:56:08 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.05.02 07:56:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.05.02 07:56:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.05.02 07:56:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.05.02 07:56:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.05.02 07:56:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.05.02 07:56:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.05.02 07:56:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.05.02 07:56:03 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.05.01 20:37:45 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.05.01 19:43:42 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll [2012.05.01 19:43:21 | 
000,772,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll [2012.05.01 19:43:21 | 000,419,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll [2012.05.01 19:43:21 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl100.dll [2012.05.01 19:43:21 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcm100u.dll [2012.05.01 19:43:20 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc100u.dll [2012.04.16 03:09:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.04.16 03:09:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.04.16 03:09:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.04.16 03:09:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.04.16 03:09:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.04.16 03:09:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.04.16 03:09:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.04.16 03:09:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.04.16 03:09:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.04.16 03:09:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.04.16 03:09:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.04.16 03:09:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.04.16 03:09:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.04.16 03:09:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\icardie.dll [2012.04.16 03:09:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.04.16 03:09:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.04.16 03:09:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.04.16 03:09:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.04.16 03:09:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.04.16 03:09:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.04.16 03:09:24 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.04.16 03:09:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.04.16 03:09:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.04.16 03:09:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.04.16 03:09:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2012.04.16 03:09:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.04.16 03:09:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.04.16 03:09:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.04.16 03:09:18 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.04.16 03:09:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.04.16 03:09:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.04.16 03:09:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.04.16 03:09:17 | 000,163,840 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.04.16 03:09:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.04.16 03:09:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2012.04.16 03:09:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.04.16 03:09:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.04.16 03:09:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.04.16 03:09:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.04.16 03:09:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.04.16 03:09:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.04.16 03:09:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.04.16 03:09:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.04.16 03:09:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.04.16 03:09:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.04.16 03:09:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.04.16 03:09:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.04.16 03:09:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.04.16 03:09:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.04.16 03:09:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.04.16 03:09:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\tdc.ocx [2012.04.16 03:09:14 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.04.16 03:09:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.04.16 03:09:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.04.16 03:09:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.04.16 03:09:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.04.16 03:09:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.04.16 03:09:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.04.16 03:09:13 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.04.16 03:09:13 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.04.16 03:09:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.04.16 03:09:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.04.16 03:09:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.04.16 03:06:46 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll [2012.04.16 03:06:45 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll [2012.04.16 03:06:45 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll [2012.04.16 03:06:45 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll [2012.04.16 03:06:44 | 
003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2012.04.16 03:06:44 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2012.04.16 03:06:44 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2012.04.16 03:06:44 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2012.04.16 03:06:44 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2012.04.16 03:06:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2012.04.16 03:06:44 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2012.04.16 03:06:43 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2012.04.16 03:06:43 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2012.04.16 03:06:43 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll [2012.04.16 03:06:42 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2012.04.16 03:06:36 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012.04.16 03:06:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2012.04.16 03:06:32 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.04.16 03:06:31 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2012.04.16 03:06:31 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2012.04.16 03:06:30 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2012.04.16 03:06:30 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2012.04.16 03:06:30 | 000,366,592 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\winspool.drv [2012.04.16 03:06:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2012.04.16 03:06:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2012.04.16 03:06:29 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2012.04.16 03:06:29 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2012.04.16 03:06:29 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2012.04.16 03:06:29 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012.04.16 03:06:27 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2012.04.16 03:06:27 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.04.16 03:06:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.04.16 03:06:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ] [1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.15 09:36:11 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.15 09:36:11 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.15 09:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.14 18:43:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.14 16:22:05 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.05.14 16:21:11 | 000,001,716 | ---- | M] () -- 
C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.14 16:17:50 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 16:17:50 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 16:17:50 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.05.14 16:17:49 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.05.14 16:17:49 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.05.14 15:29:37 | 000,330,634 | ---- | M] () -- C:\Users\acer\Desktop\cc_20120514_152843.reg [2012.05.14 14:50:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.05.12 16:35:49 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\acer\Desktop\ccsetup318.exe [2012.05.12 16:17:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe [2012.05.12 16:06:01 | 000,406,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.11 20:36:29 | 000,000,000 | ---- | M] () -- C:\Users\acer\defogger_reenable [2012.05.11 19:44:59 | 000,050,477 | ---- | M] () -- C:\Users\acer\Desktop\Defogger.exe [2012.05.11 18:05:10 | 000,000,016 | ---- | M] () -- C:\Users\acer\AppData\Roaming\blckdom.res [2012.05.05 15:09:37 | 000,000,680 | ---- | M] () -- C:\Users\acer\AppData\Local\d3d9caps.dat [2012.05.03 14:21:10 | 000,000,668 | ---- | M] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk [2012.05.01 21:49:49 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.01 21:49:49 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.01 21:49:49 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.01 21:49:49 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.01 21:49:49 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.04.18 13:49:50 | 000,405,176 | ---- | 
M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll [2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2012.04.16 03:09:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.04.16 03:09:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.04.16 03:09:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.04.16 03:09:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.04.16 03:09:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.04.16 03:09:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.04.16 03:09:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.04.16 03:09:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.04.16 03:09:29 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.04.16 03:09:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.04.16 03:09:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.04.16 03:09:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.04.16 03:09:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.04.16 03:09:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.04.16 03:09:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll 
[2012.04.16 03:09:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.04.16 03:09:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.04.16 03:09:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.04.16 03:09:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.04.16 03:09:25 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.04.16 03:09:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.04.16 03:09:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.04.16 03:09:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.04.16 03:09:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.04.16 03:09:24 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.04.16 03:09:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2012.04.16 03:09:24 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.04.16 03:09:24 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.04.16 03:09:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.04.16 03:09:18 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.04.16 03:09:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.04.16 03:09:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.04.16 03:09:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.04.16 03:09:17 | 000,267,776 | ---- | M] (Microsoft Corporation) 
-- C:\Windows\SysNative\ieaksie.dll [2012.04.16 03:09:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.04.16 03:09:17 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.04.16 03:09:17 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2012.04.16 03:09:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.04.16 03:09:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.04.16 03:09:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.04.16 03:09:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.04.16 03:09:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.04.16 03:09:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.04.16 03:09:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.04.16 03:09:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.04.16 03:09:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.04.16 03:09:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.04.16 03:09:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.04.16 03:09:15 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.04.16 03:09:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.04.16 03:09:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.04.16 03:09:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.04.16 03:09:14 | 
000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.04.16 03:09:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.04.16 03:09:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.04.16 03:09:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.04.16 03:09:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.04.16 03:09:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.04.16 03:09:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.04.16 03:09:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.04.16 03:09:13 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.04.16 03:09:13 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.04.16 03:09:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.04.16 03:09:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.04.16 03:09:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.04.16 03:06:46 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll [2012.04.16 03:06:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll [2012.04.16 03:06:45 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll [2012.04.16 03:06:45 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll [2012.04.16 03:06:45 | 000,302,592 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mfmp4src.dll [2012.04.16 03:06:44 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2012.04.16 03:06:44 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2012.04.16 03:06:44 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2012.04.16 03:06:44 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2012.04.16 03:06:44 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2012.04.16 03:06:44 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2012.04.16 03:06:44 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2012.04.16 03:06:43 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2012.04.16 03:06:43 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2012.04.16 03:06:43 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll [2012.04.16 03:06:42 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2012.04.16 03:06:36 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2012.04.16 03:06:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2012.04.16 03:06:32 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.04.16 03:06:31 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2012.04.16 03:06:31 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2012.04.16 03:06:30 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe [2012.04.16 03:06:30 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2012.04.16 03:06:30 | 
000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv [2012.04.16 03:06:30 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2012.04.16 03:06:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll [2012.04.16 03:06:29 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll [2012.04.16 03:06:29 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll [2012.04.16 03:06:29 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll [2012.04.16 03:06:29 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2012.04.16 03:06:27 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll [2012.04.16 03:06:27 | 001,653,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2012.04.16 03:06:27 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2012.04.16 03:06:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ] [1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.14 16:22:05 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.05.14 16:22:04 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.05.14 16:21:11 | 000,001,716 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.05.14 15:29:05 | 000,330,634 | ---- | C] () -- C:\Users\acer\Desktop\cc_20120514_152843.reg [2012.05.11 20:36:29 | 000,000,000 | ---- | C] () -- C:\Users\acer\defogger_reenable [2012.05.11 19:44:58 | 000,050,477 | ---- | C] () -- 
C:\Users\acer\Desktop\Defogger.exe [2012.05.03 14:21:10 | 000,000,668 | ---- | C] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk [2012.04.16 11:38:03 | 000,000,016 | ---- | C] () -- C:\Users\acer\AppData\Roaming\blckdom.res [2012.04.16 03:09:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.04.16 03:09:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.07.23 00:00:29 | 000,000,157 | ---- | C] () -- C:\Users\acer\AppData\Local\svc2dll.dat [2010.10.11 15:17:03 | 000,001,490 | ---- | C] () -- C:\Users\acer\AppData\Local\RecConfig.xml [2010.07.14 22:24:16 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll ========== LOP Check ========== [2010.09.11 00:30:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\avidemux [2010.04.27 10:09:50 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Canneverbe Limited [2012.05.01 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoft [2012.05.01 20:37:55 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.20 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\FreeAudioPack [2010.02.20 17:32:41 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\FreeCDRipper [2009.02.26 23:32:46 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ICQ [2010.11.21 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\LG Electronics [2010.03.08 05:32:51 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\MAGIX [2010.05.11 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Opera [2010.10.18 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ScummVM [2010.08.15 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Softland [2011.11.19 02:18:52 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Sony [2010.11.09 23:21:13 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\SuperEasy Software [2010.12.20 
21:40:21 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Thunderbird
[2009.12.14 18:31:29 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WordToPDF
[2012.05.14 18:43:34 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

OTL Logfile:
OTL Extras logfile created on: 15.05.2012 09:36:37 - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\acer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,42% Memory free
7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 67,01 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
Hello. My AntiVir no longer found the actual trojan, but 1 or 2 more times it found something else. Those were apparently trojans as well. Otherwise the computer runs without problems. Many thanks for the help so far, Steini |
15.05.2012, 09:57 | #6 | ||
/// Helper team | AntiVir detection "TR\Spy.Gen" cannot be deleted Oh dear... oh dear: - Installing pirated software is a fairly reliable way to infect a computer - I fear that you can only solve your problem by reinstalling your system; this is about: Quote:
** In a case like this you should rethink your consumption habits. Because your behaviour is thereby subject to German law, support from our side ends at this point. So the best thing is to back up your data (without cracks & keygens!) and do a complete reinstallation of the computer; that is the fastest and cleanest solution! But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and will keep your hands off... in future. -> Forum rule! Quote:
15.05.2012, 12:58 | #7 |
| AntiVir detection "TR\Spy.Gen" cannot be deleted All right, I no longer knew that this was still on the computer (you probably hear that a lot). In any case, thank you for the help. I can well understand the stance of Trojaner-Board, and yours in particular. I'll see whether I can manage the reinstallation. Thanks again, Steini |
16.05.2012, 07:38 | #8 | |
/// Helper team | AntiVir detection "TR\Spy.Gen" cannot be deleted As a precaution I would advise you to change your passwords (one should do this every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months); see also here: Secure password (Password). Reading material no. 1:
** Common sense, and configuring Windows and Internet software securely, is the best route to security on the web!! Quote:
► Over time a lot of junk data can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account. Regards, kira
__________________ Warning!: Beware of invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |