Log analysis and evaluation: Bundespolizei Trojan
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Bundespolizei Trojan

Hello, it got me too, like many others. Yesterday my screen changed and then it said that my laptop was locked due to a security check. I have already read a bit here and am now hoping for support and help. I am a bit desperate and at a loss. I hope you can help me! I ran the Malwarebytes software and this is what came out:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6002.18005
Icke :: TINA-PC [administrator]

Protection: Disabled

17.08.2012 15:08:38
mbam-log-2012-08-17 (15-08-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398359
Time elapsed: 1 hour(s), 12 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ntmeuzdendlkora (Trojan.Ransom) -> Data: C:\ProgramData\ntmeuzde.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Icke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1X446OUJ\PDFCreator_Stub_5874[1].exe (PUP.Adware.Agent) -> No action taken.
C:\ProgramData\ntmeuzde.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Icke\0.5339669088365301.exe (Trojan.Ransom) -> Quarantined and deleted successfully.

(end)

OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.08.2012 16:32:27 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Icke\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,47 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 57,74% Memory free 5,17 Gb Paging File | 4,37 Gb Available in Paging File | 84,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 39,63 Gb Free Space | 27,51% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 91,53 Gb Free Space | 65,15% Space Free | Partition Type: NTFS Computer Name: TINA-PC | User Name: Icke | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Icke\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance 
Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe () SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (a7alu80y) -- File not found DRV - (rldpvaes) -- C:\Windows\System32\drivers\nphby.sys () DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - 
(aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) 
DRV - (DiWan) -- C:\Windows\System32\drivers\DISDN\Diwan.sys (Eicon Technology) DRV - (DiMaint) -- C:\Windows\System32\drivers\DISDN\dimaint.sys (Eicon Technology) DRV - (DiCapi) -- C:\Windows\System32\drivers\DISDN\capi202k.sys (Eicon Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Icke\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Icke\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Icke\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Icke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 07:18:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.20 16:11:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 07:18:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.20 16:11:29 | 000,000,000 | ---D | 
M] [2008.09.24 17:41:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Extensions [2011.04.11 14:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\dixslq37.default\extensions [2011.04.11 14:27:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\dixslq37.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.08.14 12:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions [2010.09.18 10:52:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.26 11:21:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.04.07 08:44:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.23 17:22:18 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\k1d3xd16.default\extensions\2020Player_IKEA@2020Technologies.com [2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\dixslq37.default\searchplugins\icqplugin.xml [2012.01.08 09:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.07.19 22:48:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.14 16:40:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.20 07:18:06 | 000,136,672 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.20 16:10:59 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.21 07:30:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.21 07:30:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 07:30:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 07:30:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 07:30:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 07:30:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll File not found O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\Icke\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44A842EA-A6DE-460D-A267-709A7954EEF6}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6DBB13E-27FC-49B0-93DC-DF128AFAE313}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.17 16:29:37 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2012.08.17 15:07:24 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.17 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Malwarebytes [2012.08.17 10:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.17 10:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.17 10:50:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.17 10:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.16 22:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ueskigvqneqbbjh [2012.08.16 00:23:48 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.15 08:05:48 | 
000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2012.08.15 08:05:48 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.08.15 08:05:47 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.08.15 08:05:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.08.15 08:05:47 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.15 08:05:46 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.15 08:05:46 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.15 08:05:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.15 08:05:44 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.08.14 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.08.14 12:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012.08.14 12:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.08.14 12:45:02 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\pdfforge [2012.08.14 12:44:58 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2012.08.14 12:44:58 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.08.14 12:44:58 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll [2012.08.14 12:44:56 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.08.14 12:44:56 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2012.08.14 12:44:56 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.08.14 12:44:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\MSMPIDE.DLL [2012.08.14 12:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.08.09 10:03:11 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\dessau vom 3-9.08.12 [2 C:\Users\Icke\Documents\*.tmp files -> C:\Users\Icke\Documents\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.17 16:29:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2012.08.17 16:22:50 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\nphby.sys [2012.08.17 15:08:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.17 15:00:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.17 10:50:31 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.16 22:24:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.08.16 22:23:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.16 22:22:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.16 22:22:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.16 22:19:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.16 22:14:09 | 000,000,051 | ---- | M] () -- C:\ProgramData\twwjhhxdrtpukcp [2012.08.16 20:49:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000UA.job [2012.08.16 11:50:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.08.16 10:18:02 | 000,381,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.16 00:11:59 | 000,001,112 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964052105-1468430595-4155204716-1000Core.job [2012.08.14 12:45:20 | 000,000,213 | ---- | M] () -- C:\Users\Icke\Desktop\SweetPcFix.url [2012.08.14 12:45:05 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.14 12:45:04 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.08.12 19:11:07 | 000,006,944 | ---- | M] () -- C:\Users\Icke\AppData\Local\d3d9caps.dat [2 C:\Users\Icke\Documents\*.tmp files -> C:\Users\Icke\Documents\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.17 16:22:50 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\nphby.sys [2012.08.17 10:50:31 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.16 22:02:24 | 000,000,051 | ---- | C] () -- C:\ProgramData\twwjhhxdrtpukcp [2012.08.14 12:45:20 | 000,000,213 | ---- | C] () -- C:\Users\Icke\Desktop\SweetPcFix.url [2012.08.14 12:45:05 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.08.14 12:45:04 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2011.06.06 17:12:37 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.11.03 01:19:11 | 000,008,156 | -HS- | C] () -- C:\Users\Icke\AlbumArt_{5BC4D910-F398-4718-90F8-E4A4A4F50E24}_Large.jpg [2010.11.03 01:19:11 | 000,001,969 | -HS- | C] () -- C:\Users\Icke\AlbumArt_{5BC4D910-F398-4718-90F8-E4A4A4F50E24}_Small.jpg [2010.10.31 23:45:47 | 000,008,156 | -HS- | C] () -- C:\Users\Icke\Folder.jpg [2010.10.31 23:45:47 | 000,001,969 | -HS- | C] () -- C:\Users\Icke\AlbumArtSmall.jpg [2009.12.02 11:22:55 | 004,356,570 | ---- | C] () -- C:\Users\Icke\Walls.mp3 [2008.10.29 09:34:43 | 000,006,944 | ---- | C] () -- C:\Users\Icke\AppData\Local\d3d9caps.dat [2008.09.20 18:44:34 | 000,001,024 | ---- | C] () -- C:\Users\Icke\.rnd [2008.09.20 14:16:12 | 000,101,888 | 
---- | C] () -- C:\Users\Icke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Alternate Data Streams ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.08.2012 16:32:27 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Icke\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,47 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 57,74% Memory free 5,17 Gb Paging File | 4,37 Gb Available in Paging File | 84,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 39,63 Gb Free Space | 27,51% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 91,53 Gb Free Space | 65,15% Space Free | Partition Type: NTFS Computer Name: TINA-PC | User Name: Icke | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{085E722E-DEE7-466B-9757-BD7468A6C6AC}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{112227B7-1331-462A-B6E8-B372E0B2D6D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1342C8C9-FA1A-4E35-8935-38539BD8BE54}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{13DE1542-C1CE-4DFF-94F0-BD704E111E66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{16101005-D105-4B32-8FB0-3BACFDCF5EE7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1901D751-6CEF-4A2A-B6BA-8CCAAF698E30}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{200895D6-D874-4CCF-98F2-1D934AED4789}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{20F85B2E-D671-4CFE-B569-E58C0ED4EE1D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{24DC5CB8-203B-407E-B201-F1546FEC58DA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{251D5F47-06BD-417B-A589-79ED55569A0E}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{278CDD48-A371-4468-99F2-98436663B492}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{28C6D4E0-C719-4196-B86B-A7AB3F68E068}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2CB4C31C-F2BD-49AE-9DB9-766AA9088DA3}" = dir=in | app=c:\users\icke\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{336DCD16-5512-4A52-8A81-69A9475E5423}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{33F47290-DAB7-45AB-921C-A00AAF156C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35EAB0C6-1CC8-45A6-B8BD-56BE1D71E021}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{41699FC6-C0E9-415A-89F8-86A5903C2890}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{448B3BA6-231C-41F4-A7F8-31E1C0375D9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48921C51-0D84-4EB2-873E-E7942093C7D1}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{494C5C52-8CC2-48F4-A510-B54FDD586858}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4B566410-D639-401C-A7D4-02656518BA9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5529ABEB-1A7C-482A-B33F-2ABA616EA3BB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{57917753-478A-4F68-98FA-CA143DBB133E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5810D58C-ED56-4AAC-BD87-38F57B77BF1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{58A39E41-12F8-4AE4-B89C-89AE4FE4682D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5DD06989-5FD4-4EAA-A6F9-2D01C2B309E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5F8E40B6-FA00-45A6-BB79-1DF39824505C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{6194BE03-C365-4CCB-BCB5-C94471764B4B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{66B02610-006B-4FE0-9BAF-EDE26F78569E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{67D35399-8AFE-476C-A2CB-FB636760550B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{6898BE29-A5A0-410B-B3CE-898B31867327}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{70776BD7-A543-477E-A80B-847500D0180D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{7375FD29-F3CC-42F5-9F5A-181E9123AB9C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{7451BFEC-0A07-433E-8AA8-07218FEE9F5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7ED2DFB7-AB0D-43F0-AD96-282C8D545CB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7FECCFC2-CB52-4C40-A2BC-37CF159CF489}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8250DCA1-6E10-4EFF-B26B-5A7D6CE60E93}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88581F31-8959-47CB-88EA-41856664A455}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A84E71D-CB3D-46B0-9B3C-13E822AF4C11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C6D2641-73A8-4048-8147-1460ECA1E4D7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{92C91076-EAFE-4906-86D9-3A6537784A10}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{957512EE-4688-470F-86D8-6C2353D8ED56}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{9FB8D58E-3F5C-42EA-8A0D-BB320C1269D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B0C061B0-C1F2-4769-A002-FD7AA0BCEFE8}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{B169B6EE-3318-48FA-BCF0-3CF1E56A948E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B19E02C4-DFE8-4E08-9459-4B0623BEF7C0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{B99B68FE-67B7-4E83-9BA9-1583A1ACC30F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BA73C548-8D57-4000-A755-EFC8B0F47563}" = protocol=17 | dir=in | 
app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{BF1277B8-2A83-4540-8372-9E79E06F68B9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C11FAC47-A209-4D65-9F3E-8FC4FDF6F3D1}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{C5BB9284-A691-4CEE-99C8-0B945D0B0FFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C7378611-C175-4AE0-AB4C-EEF29DFA7351}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C763A346-CDA7-4BCA-8A05-AFBA5A5DB893}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CAF1547C-7F78-41C7-A8A2-F8AD349FD187}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CB2E9942-304A-47DA-81ED-BAD46CCB22BF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{CB90D112-0BCE-4F5D-B726-DF2829060A31}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CEC19068-5195-49C5-8ABF-37A403F1FAA8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{D15F2E39-E48E-43E7-95CE-E5765B6CF780}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D24C4024-876F-4A23-923D-E459DA1ED29C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D38943BD-2CD2-4CAE-BA69-AFCC1EA403B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D38A0193-A6F0-435D-8C03-B86883BB6874}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{DA67B334-E7D2-4D8B-B59B-978B2389D074}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB9D7393-232F-4FC8-A2D1-146D1E6F0891}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{DC93D6D6-C0C2-4A15-8462-6DEDDD277CDB}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{DD53BAED-6CDA-436C-AEE3-D535384C6C93}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe 
| "{E85FF5C0-7B9B-41DE-9151-B81CAE9456CD}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{ECECB04A-98CF-4932-98F3-DEFAE5DA8FC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1B07E56-4F4D-47CF-84AF-9A2A9F5E3E2D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F64F9CB2-ADA3-4AE9-8ABA-29FD8EE348D8}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{F6F8670F-CDE7-441B-81F3-19912734F7F1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{FBE29BEB-94BC-45B0-93F1-BE3A8710047C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FEFEBBEE-95C4-4CE4-87A8-64C0EB892E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{2D7C97E7-9E52-4FD8-8DF5-12E76EFE3B65}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{376836CE-0470-4417-BAC8-A3ECBD024C63}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0087799A-6484-2297-16D1-314C8D51EB5C}" = CCC Help Turkish "{008B104E-AD08-D176-D974-9E795A3B5930}" = CCC Help English "{01D60497-9C75-DFB2-6702-73288FAAF569}" = CCC Help Finnish "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08E77A66-9566-2C8F-4924-87AF3EEC4C8D}" = Catalyst Control Center Localization Korean "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0F685585-6664-3B0F-8FFF-824EF3EC808F}" = CCC Help Chinese Standard "{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Rayman Raving Rabbids "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer 
Mobility Center Plug-In "{11FA22E0-699F-57FB-2ED5-81518FD4D26B}" = Catalyst Control Center Localization Czech "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1ADA324F-E40F-1763-8A4C-C2B1C3221C8B}" = Catalyst Control Center Localization German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{21BC64BE-7760-932B-9070-BAE49E82E4C0}" = CCC Help Russian "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{247EC1CE-C81F-298F-EDDE-666C02C58193}" = CCC Help Spanish "{2503CD86-B4C1-2EB7-30F8-A06F1156EE44}" = CCC Help German "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{27F3E373-93BF-441E-826B-98C33DF309B5}" = AMD USB Audio Driver Filter "{2A6F9CF1-E874-FAAE-ACBF-50DEAB6A2866}" = Catalyst Control Center Localization Chinese Traditional "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2C3AD6F9-0DD7-E2A2-363F-749247AE9603}" = CCC Help Czech "{2E484859-4C24-718C-C637-368B04F14142}" = Catalyst Control Center Localization Russian "{30C5CDC6-67DE-F761-507F-E156FB7CF098}" = Catalyst Control Center Localization Italian "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3304A9B5-C51F-42D4-B827-C77D607AC87B}" = Catalyst Control Center Localization Chinese Standard "{36E3F10E-E909-0B45-B58B-CAF9864B22FF}" = Catalyst Control Center Localization Danish 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CFD59CA-BC0C-0A69-C420-5F6E54565246}" = ccc-core-static "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{448D6CAA-B84F-148E-DF21-D9145CD70791}" = Catalyst Control Center Localization Thai "{459E81F6-51BB-F78C-EB9A-619499B7E7B8}" = CCC Help Korean "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EA50CE2-3549-5E6B-DB7F-EC1FB21C98EB}" = CCC Help Italian "{5025C2C2-E2DA-54CA-6AA3-2B796ED5E371}" = CCC Help Dutch "{5204292B-0CDB-B240-65CE-F4CF17919E2D}" = Catalyst Control Center Localization Hungarian "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{5776FA35-21C8-A6C6-3B32-C5528AE4054F}" = CCC Help Danish "{58A8EF55-37A0-F2C2-A35B-CA97E8F3D5C3}" = CCC Help Hungarian "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59ED508E-4239-EAD2-8D50-8923AADCFD76}" = Catalyst Control Center Graphics Full New "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5 "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5D751B45-0F9F-0B9E-F3EA-25821C9D7F49}" = CCC Help Thai "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{672CFCDF-759F-5F3C-077D-8B1A172FE150}" = Catalyst Control Center Localization Swedish "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A5A8BEE-5493-C8F3-978F-6DC2A612D070}" = Catalyst Control Center Localization Portuguese "{6CB07378-C076-D335-7D38-37AC272D899A}" = Catalyst Control Center Localization Greek "{70B7E2EA-6CF1-C7BC-5F0E-7467F114BD5E}" = Catalyst Control Center Core Implementation "{70E392D0-9A63-CD3B-11E4-4B66B7C68DE9}" = 
Catalyst Control Center Localization Spanish "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{796127AB-1065-1DE9-3F6B-B4A00455FD34}" = CCC Help Chinese Traditional "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114044400}" = Chocolatier 2 Secret Ingredients "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114323150}" = Jojo’s Fashion Show "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115189690}" = Hells Kitchen "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115334267}" = Fashionista "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1197000}" = Women’s Murder Club - Triple Crime Pack "{85D808E9-8D08-90FF-B0FB-2732EC386A58}" = Catalyst Control Center Localization Japanese "{89AD7027-B6B2-47DF-21F2-D8A46A6DB13F}" = ATI Catalyst Install Manager "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player 
"{8C55354D-62FC-7BBD-91CB-199365A64331}" = CCC Help French "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{95C8E6D2-8D1A-1846-F8CF-FC5BF2682D3E}" = Catalyst Control Center Graphics Full Existing "{9B28716A-CAB1-F0E0-A975-83F9C7294F64}" = Catalyst Control Center Graphics Light "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A176487F-227E-3F91-C7AF-679E0E34AC0C}" = ccc-utility "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AD0EF554-9674-3C40-914C-E728036D6B5B}" = CCC Help Polish 
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B1AAC909-15F7-74EC-5D4D-70E3240CD30A}" = Catalyst Control Center Localization Dutch "{B24380E2-B8C4-5FC5-F11D-27300AB9B3A3}" = Catalyst Control Center Localization Norwegian "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B8E11DD5-8FC7-6EFB-42A3-1D9C58CDFD84}" = CCC Help Portuguese "{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8 "{BF23DA5D-6205-4BE2-36B4-B74D671FF0D1}" = CCC Help Greek "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC434C7B-54AF-7181-1F33-6BD4DF382FE2}" = CCC Help Japanese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D7C81D2F-9490-518E-893F-0E9AC41415DE}" = Catalyst Control Center Localization Finnish "{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord "{DF39E385-C2E0-F044-022B-2A8A565B7182}" = Catalyst Control Center Localization Polish "{E5FB0690-C5F4-DD4F-4360-D1F360582DCE}" = CCC Help Swedish "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner "{EE94CB5C-9DD8-0373-42C3-A4F9F4A775BA}" = Catalyst Control Center Localization Turkish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BCAAD1-95DF-DF91-4A06-471D97884038}" = CCC Help Norwegian "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA378A8C-5F03-519A-AE78-91E93B50FC6A}" = Catalyst Control Center Localization French "{FA4DDF14-0227-47ED-9FB0-3290E84E8938}" = Catalyst Control Center - Branding "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0 "5D38134BF8A10D640B30E6B014EECDBC5F881E3D" 
= Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "avast" = avast! Free Antivirus "CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000 "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "EPSON Stylus S20_T10_T20 Benutzerhandbuch" = EPSON Stylus S20_T10_T20 Handbuch "Frozen-Bubble_is1" = Frozen-Bubble 1.0 "Google Updater" = Google Updater "GridVista" = Acer GridVista "ICQToolbar" = ICQ Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "LastFM_is1" = Last.fm 1.5.4.27091 "LimeWire" = LimeWire 4.16.0 "LManager" = Launch Manager "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NetLCR_is1" = NetLCR v4.10.405 "PROPLUS" = Microsoft Office 
Professional Plus 2007 "Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2 "VLC media player" = VLC media player 1.1.5 "WinRAR archiver" = WinRAR archiver "Yahoo! Companion" = Yahoo! Toolbar "Zuma Deluxe 1.0" = Zuma Deluxe 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Game Organizer" = EasyBits GO "Move Media Player" = Move Media Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.08.2012 16:23:58 | Computer Name = tina-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2012 04:40:37 | Computer Name = tina-PC | Source = EventSystem | ID = 4609 Description = Error - 17.08.2012 04:41:34 | Computer Name = tina-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2012 04:42:57 | Computer Name = tina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = Error - 17.08.2012 04:44:29 | Computer Name = tina-PC | Source = EventSystem | ID = 4609 Description = Error - 17.08.2012 04:45:27 | Computer Name = tina-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2012 05:28:15 | Computer Name = tina-PC | Source = EventSystem | ID = 4609 Description = Error - 17.08.2012 05:29:08 | Computer Name = tina-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2012 09:01:02 | Computer Name = tina-PC | Source = EventSystem | ID = 4609 Description = Error - 17.08.2012 09:02:00 | Computer Name = tina-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.01.2009 04:34:49 | Computer Name = tina-PC | Source = WMPNetworkSvc | ID = 866287 Description = Error - 27.01.2009 04:37:32 | Computer Name = tina-PC | Source = bowser | ID = 8003 Description = Error - 27.01.2009 16:14:39 | Computer Name = tina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 27.01.2009 16:14:49 | Computer Name = tina-PC | Source = HTTP | ID 
= 15016 Description = Error - 27.01.2009 16:15:22 | Computer Name = tina-PC | Source = WMPNetworkSvc | ID = 866287 Description = Error - 27.01.2009 16:15:23 | Computer Name = tina-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.01.2009 16:22:46 | Computer Name = tina-PC | Source = bowser | ID = 8003 Description = Error - 28.01.2009 04:46:14 | Computer Name = tina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 28.01.2009 04:46:23 | Computer Name = tina-PC | Source = HTTP | ID = 15016 Description = Error - 28.01.2009 04:46:55 | Computer Name = tina-PC | Source = WMPNetworkSvc | ID = 866287 Description = < End of report > |