Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:28, on 14.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Windows\SysWOW64\regsvr32.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWow64\rdfvgsdu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWow64\udxllgjlildrw.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxx\AppData\Local\Temp\Nbd.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: kbupdate - kbupdate.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10732 bytes
         

--------------------------------------------------------------------------

Code: Alles auswählenAufklappen

ATTFilter

ComboScan v20070226.18 run by xxxxxxxxx on 2010-03-14 at 16:20:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis Clone -------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2010-03-14 16:21:59
Platform: Windows Vista Service Pack 2 (6.00.6002)
MSIE: Internet Explorer (8.0.6001.18882)

Running processes:
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Windows\SysWOW64\regsvr32.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
D:\Download\HiJackThis\HijackThis.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\comboscan\comboscan\comboscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWOW64\rdfvgsdu.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWOW64\udxllgjlildrw.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxxxxxx\AppData\Local\Temp\Nbd.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: kbupdate - C:\Windows\system32\kbupdate.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - "C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe"
O23 - Service: Acer HomeMedia Connect Service - "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
O23 - Service: Avira AntiVir Guard (AntiVirService) - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
O23 - Service: Autodesk Licensing Service - "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
O23 - Service: Bonjour-Dienst (Bonjour Service) - "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 (clr_optimization_v2.0.50727_64) - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: eDataSecurity Service - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
O23 - Service: HASP License Manager (hasplms) - C:\Windows\system32\hasplms.exe  -run
O23 - Service: iPod-Dienst (iPod Service) - "C:\Program Files (x86)\iPod\bin\iPodService.exe"
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
O23 - Service: Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: Office Source Engine (ose) - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - C:\Windows\SysWOW64\perfhost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - C:\Windows\system32\svchost.exe -k LocalService


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "%SystemRoot%\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\winhlp32.exe %1
.inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1
.js - JSFile - C:\Windows\SysWOW64\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - C:\Windows\system32\notepad.exe "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R acedrv09 - C:\Windows\system32\drivers\acedrv09.sys (not found)
2R aksdf - C:\Windows\system32\drivers\aksdf.sys (not found)
2R aksfridge - C:\Windows\system32\drivers\aksfridge.sys (not found)
2R avgntflt - C:\Windows\system32\DRIVERS\avgntflt.sys (not found)
4S blbdrive - C:\Windows\system32\drivers\blbdrive.sys (not found)
1R ElbyCDIO (ElbyCDIO Driver) - C:\Windows\system32\Drivers\ElbyCDIO.sys (not found)
4S ErrDev (Microsoft Hardware Error Device Driver) - C:\Windows\system32\drivers\errdev.sys (not found)
3S exfat (exFAT File System Driver) - C:\Windows\system32\drivers\exfat.sys (not found)
2R hardlock - C:\Windows\system32\drivers\hardlock.sys (not found)
3S HdAudAddService (Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst) - C:\Windows\system32\drivers\HdAudio.sys (not found)
2R int15 - \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\Windows\system32\drivers\RTKVHD64.sys (not found)
3R ksthunk (Kernel Streaming Thunks) - C:\Windows\system32\drivers\ksthunk.sys (not found)
4S MegaSR - C:\Windows\system32\drivers\megasr.sys (not found)
1R MIPFSv364 - C:\Windows\system32\drivers\MIPFSv364.sys (not found)
1R MIPv364 - C:\Windows\system32\drivers\MIPv364.sys (not found)
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\Windows\system32\DRIVERS\nvmfdx64.sys (not found)
3R NVHDA (Service for NVIDIA High Definition Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys (not found)
3R nvlddmkm - C:\Windows\system32\DRIVERS\nvlddmkm.sys (not found)
0R nvrd64 (NVIDIA nForce RAID Driver) - C:\Windows\system32\drivers\nvrd64.sys (not found)
3R nvsmu - C:\Windows\system32\DRIVERS\nvsmu.sys (not found)
0R nvstor64 - C:\Windows\system32\drivers\nvstor64.sys (not found)
0R PSDFilter - C:\Windows\system32\DRIVERS\psdfilter.sys (not found)
2R PSDNServ - C:\Windows\system32\DRIVERS\PSDNServ.sys (not found)
2R psdvdisk - C:\Windows\system32\DRIVERS\PSDVdisk.sys (not found)
3R RasSstp (WAN-Miniport (SSTP)) - C:\Windows\system32\DRIVERS\rassstp.sys (not found)
3S sscdbus (SAMSUNG USB Composite Device driver (WDM)) - C:\Windows\system32\DRIVERS\sscdbus.sys (not found)
3S sscdmdfl (SAMSUNG Mobile Modem Filter) - C:\Windows\system32\DRIVERS\sscdmdfl.sys (not found)
3S sscdmdm (SAMSUNG Mobile Modem Drivers) - C:\Windows\system32\DRIVERS\sscdmdm.sys (not found)
3S ss_bus (SAMSUNG Mobile USB Device 1.0 driver (WDM)) - C:\Windows\system32\DRIVERS\ss_bus.sys (not found)
3S ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - C:\Windows\system32\DRIVERS\ss_mdfl.sys (not found)
3S ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - C:\Windows\system32\DRIVERS\ss_mdm.sys (not found)
3S usbscan (USB-Scannertreiber) - C:\Windows\system32\DRIVERS\usbscan.sys (not found)
3R USBSTOR (USB-Massenspeichertreiber) - C:\Windows\system32\DRIVERS\USBSTOR.SYS (not found)
3R VClone - C:\Windows\system32\DRIVERS\VClone.sys (not found)
3S WpdUsb - C:\Windows\system32\DRIVERS\wpdusb.sys (not found)
3R WUDFRd - C:\Windows\system32\DRIVERS\WUDFRd.sys (not found)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R Acer HomeMedia Connect Service - "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
2R AcerMemUsageCheckService (ePerformance Service) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2R AntiVirSchedulerService (Avira AntiVir Planer) - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
2R AntiVirService (Avira AntiVir Guard) - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
3S Autodesk Licensing Service - "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
2R Bonjour Service (Bonjour-Dienst) - "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
3S clr_optimization_v2.0.50727_64 (Microsoft .NET Framework NGEN v2.0.50727_X64) - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
2R eDataSecurity Service - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
2R eRecoveryService (eRecovery Service) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2R eSettingsService (eSettings Service) - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3S FLEXnet Licensing Service 64 - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
3S FontCache (Windows-Dienst für Schriftartencache) - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
2R hasplms (HASP License Manager) - C:\Windows\system32\hasplms.exe  -run
3S iPod Service (iPod-Dienst) - "C:\Program Files (x86)\iPod\bin\iPodService.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
2R Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
2R nvsvc (NVIDIA Display Driver Service) - C:\Windows\system32\nvvsvc.exe
3S PerfHost (Leistungsindikator-DLL-Host) - C:\Windows\SysWow64\perfhost.exe
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
3R SstpSvc (SSTP-Dienst) - C:\Windows\system32\svchost.exe -k LocalService
2R a2AntiMalware (a-squared Anti-Malware Service) - "C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe"
3S ose (Office Source Engine) - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
3S odserv (Microsoft Office Diagnostics Service) - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"


-- Scheduled Tasks --------------------------------------------------------------

2010-03-14 15:44:02       262 --ah----- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job<{35DC3~1.JOB>
2010-03-13 15:03:39       314 --ah----- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job<{66BA5~1.JOB>


-- Files created between 2010-02-14 and 2010-03-14 ------------------------------



-- Find3M Report ----------------------------------------------------------------

2010-03-14 15:24:44         0 d-------- C:\Program Files (x86)\Mozilla Firefox<MOZILL~1>
2010-03-14 15:17:54         0 d-------- C:\Program Files (x86)\Microsoft Works<MICROS~2>
2010-03-14 15:17:37         0 d-------- C:\Program Files (x86)\MSBuild
2010-03-14 15:16:51         0 d-------- C:\Program Files (x86)\Microsoft.NET<MICROS~1.NET>
2010-03-14 15:15:05         0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8<MID05A~1>
2010-03-14 15:07:19         0 d-------- C:\Program Files (x86)\a-squared Anti-Malware<A-SQUA~1>
2010-03-14 15:03:53         0 d-------- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2<MOZILL~1.6BE>
2010-03-14 14:52:53       288 --a------ C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\wklnhst.dat
2010-03-14 14:43:52         0 d-------- C:\Program Files (x86)\Windows Live<WI1F86~1>
2010-03-14 14:43:14         0 d-------- C:\Program Files (x86)\Microsoft SQL Server Compact Edition<MICROS~4>
2010-03-14 14:42:30         0 d-------- C:\Program Files (x86)\Microsoft<MICROS~3>
2010-03-13 15:28:45         0 d-------- C:\Program Files (x86)\Windows Mail<WINDOW~1>
2010-03-12 22:11:50         0 d-------- C:\Program Files (x86)\Autodesk
2010-03-12 22:09:22         0 d-------- C:\Program Files (x86)\Common Files\Autodesk Shared<AUTODE~1>
2010-03-12 21:53:08        43 --a------ C:\Windows\system32\kboem32.dat
2010-03-12 21:27:22       198 --a------ C:\Users\xxxxxxxx\AppData\Roaming\default.rss
2010-03-12 21:25:24         0 d-------- C:\Program Files (x86)\Rhinoceros 4.0<RHINOC~1.0>
2010-03-12 20:18:49         0 d-------- C:\Program Files (x86)\Common Files\McNeel Shared<MCNEEL~1>
2010-03-12 17:33:27         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\Autodesk
2010-03-11 17:28:52         0 d-------- C:\Program Files (x86)\Common Files\Nero
2010-03-10 21:31:25         0 d-------- C:\Program Files (x86)\SweetIM
2010-03-10 21:28:50         0 d-------- C:\Users\xxxxxxxx\AppData\Roaming\Any Video Converter<ANYVID~1>
2010-03-10 21:27:50         0 d--h----- C:\Program Files (x86)\InstallShield Installation Information<INSTAL~1>
2010-03-10 21:27:32         0 d-------- C:\Program Files (x86)\Creative
2010-03-10 20:35:27         0 d-------- C:\Users\xxxxxx\AppData\Roaming\Nero
2010-03-10 20:31:07         0 d-------- C:\Program Files (x86)\Nero
2010-03-10 18:40:13         0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard<WISEIN~1>
2010-03-09 18:12:58         0 d-------- C:\Users\xxxxxxxx\AppData\Roaming\DICAD_Systeme_GmbH<DICAD_~1>
2010-03-09 17:57:28         0 d-------- C:\Program Files (x86)\Common Files\Aladdin Shared<ALADDI~1>
2010-03-08 23:24:44         0 d---s---- C:\Users\xxxxxxxxx\AppData\Roaming\Microsoft<MICROS~1>
2010-03-08 23:24:32         0 d-------- C:\Program Files (x86)\Common Files\Acronis
2010-03-08 23:19:13         0 d-------- C:\Users\xxxxxxxxxx\AppData\Roaming\Acronis
2010-03-08 17:57:51         0 d-------- C:\Users\xxxxxxxxxxx\AppData\Roaming\GetRightToGo<GETRIG~1>
2010-03-08 13:28:38         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\LimeWire
2010-03-04 16:11:53     48283 --a------ C:\Windows\system32\uaohlaofcedigp.exe<UAOHLA~1.EXE>
2010-03-04 16:11:22         0 d-------- C:\Program Files (x86)\ezLife
2010-03-01 19:57:56         0 d-------- C:\Program Files (x86)\AviSynth 2.5<AVISYN~1.5>
2010-02-21 00:06:41     24064 --a------ C:\Windows\system32\nshhttp.dll
2010-02-21 00:05:14     30720 --a------ C:\Windows\system32\httpapi.dll
2010-02-03 12:30:48    290816 --a------ C:\Windows\system32\rdfvgsdu.dll
2010-02-02 16:51:38         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\Shareaza
2010-01-27 02:14:34    499200 --a------ C:\Windows\system32\udxllgjlildrw.dll<UDXLLG~1.DLL>
2010-01-26 17:56:49         0 dr-h----- C:\Users\xxxxxxxxxxx\AppData\Roaming\SecuROM
2010-01-25 13:00:35    152576 --a------ C:\Windows\system32\secproc_ssp_isv.dll
2010-01-25 13:00:35    152064 --a------ C:\Windows\system32\secproc_ssp.dll
2010-01-25 13:00:35    471552 --a------ C:\Windows\system32\secproc_isv.dll
2010-01-25 13:00:22    471552 --a------ C:\Windows\system32\secproc.dll
2010-01-25 12:58:52    332288 --a------ C:\Windows\system32\msdrm.dll
2010-01-25 09:21:20    346624 --a------ C:\Windows\system32\RMActivate_ssp_isv.exe
2010-01-25 09:21:20    526336 --a------ C:\Windows\system32\RMActivate_isv.exe
2010-01-25 09:21:18    347136 --a------ C:\Windows\system32\RMActivate_ssp.exe
2010-01-25 09:21:18    518144 --a------ C:\Windows\system32\RMActivate.exe
2010-01-23 10:26:13      2048 --a------ C:\Windows\system32\tzres.dll
2010-01-22 22:01:06    348160 --a------ C:\Windows\system32\msvcr71.dll
2010-01-22 22:00:57         0 d-------- C:\Program Files (x86)\Common Files\DVDVideoSoft<DVDVID~1>
2010-01-22 16:43:17         0 d-------- C:\Program Files (x86)\CoreAAC
2010-01-21 09:09:09         0 d-------- C:\Program Files (x86)\Microsoft Silverlight<MI2020~1>
2010-01-19 18:24:05         0 d-------- C:\Users\xxxxxxxxxx\AppData\Roaming\IMSIDesign<IMSIDE~1>
2010-01-18 22:59:08         0 d-------- C:\Users\xxxxxxxxxxx\AppData\Roaming\uTorrent
2010-01-18 21:35:48         0 d-------- C:\Users\xxxxxxxxxxx\AppData\Roaming\Azureus
2010-01-17 16:26:59         6 --ahs---- C:\Users\xxxxxxxxxx\AppData\Roaming\desktop.ini
2010-01-17 16:15:25         0 d-------- C:\Program Files (x86)\BearShare Applications<BEARSH~1>
2010-01-17 16:09:12         0 d-------- C:\Users\xxxxxxxxx\AppData\Roaming\Mozilla
2010-01-17 14:14:59         0 d-------- C:\Users\xxxxxxx\AppData\Roaming\SZMaster
2010-01-15 15:58:14    796672 --a------ C:\Windows\GPInstall.exe<GPINST~1.EXE>
2010-01-14 17:57:32         0 d-------- C:\Users\xxxxxxxx\AppData\Roaming\WinRAR
2010-01-12 17:44:17     29480 --a------ C:\Windows\system32\msxml3a.dll
2010-01-12 17:44:16    505128 --a------ C:\Windows\system32\msvcp71.dll
2010-01-06 16:39:38   1696256 --a------ C:\Windows\system32\gameux.dll
2010-01-06 16:38:47     28672 --a------ C:\Windows\system32\Apphlpdm.dll
2010-01-06 14:30:41   4240384 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-02 07:36:10    206848 --a------ C:\Windows\system32\occache.dll
2010-01-02 07:33:32     55296 --a------ C:\Windows\system32\msfeedsbs.dll
2010-01-02 07:33:32    594432 --a------ C:\Windows\system32\msfeeds.dll
2010-01-02 07:32:33    164352 --a------ C:\Windows\system32\ieui.dll
2010-01-02 07:32:33    109056 --a------ C:\Windows\system32\iesysprep.dll
2010-01-02 07:32:33     71680 --a------ C:\Windows\system32\iesetup.dll
2010-01-02 07:32:33   1985536 --a------ C:\Windows\system32\iertutil.dll
2010-01-02 07:32:32     55808 --a------ C:\Windows\system32\iernonce.dll
2010-01-02 07:32:32  11070464 --a------ C:\Windows\system32\ieframe.dll
2010-01-02 07:32:26    387584 --a------ C:\Windows\system32\iedkcs32.dll
2010-01-02 05:57:00    133632 --a------ C:\Windows\system32\ieUnatt.exe
2010-01-02 05:56:50    173056 --a------ C:\Windows\system32\ie4uinit.exe
2010-01-02 05:56:14     13312 --a------ C:\Windows\system32\msfeedssync.exe
2009-12-30 13:30:20   1568768 --a------ C:\Windows\bsdsetup.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"MtdAcq"="C:\\Program Files (x86)\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"WMPNSCFG"="C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe"
"TOY5KNQ8OC"="C:\\Users\\xxxxxxxxxxx\\AppData\\Local\\Temp\\Nbd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PCMMediaSharing"="\"C:\\Program Files (x86)\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe\""
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"avgnt"="\"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Java\\jre6\\bin\\jusched.exe\""
"SweetIM"="C:\\Program Files (x86)\\SweetIM\\Messenger\\SweetIM.exe"
"ezLife"=dword:00000000
"krrxttnyslqnji"="C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Windows\\SysWow64\\udxllgjlildrw.dll\""
"VirtualCloneDrive"="\"e:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"a-squared"="\"C:\\Program Files (x86)\\a-squared Anti-Malware\\a2guard.exe\""
"GrooveMonitor"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
	

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001
"ForceActiveDesktopOn"=dword:00000000
"BindDirectlyToPropertySetStorage"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbupdate
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalSystemNetworkRestricted	REG_MULTI_SZ   	hidserv\0Netman\0AudioEndpointBuilder\0dot3svc\0WPDBusEnum\0wlansvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0
LocalService	REG_MULTI_SZ   	NSI\0SSDPSRV\0upnphost\0SCardSvr\0RemoteRegistry\0WinHttpAutoProxySvc\0TBS\0SLUINotify\0netprofm\0QWAVE\0WebClient\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
LocalServiceNetworkRestricted	REG_MULTI_SZ   	AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
wcssvc	REG_MULTI_SZ   	WcsPlugInService\0\0
DcomLaunch	REG_MULTI_SZ   	PlugPlay\0DcomLaunch\0\0
NetworkService	REG_MULTI_SZ   	DHCP\0TermService\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
CertPropSvc
SCPolicySvc
gpsvc
LogonHours
PCAudit
iphlpsvc
msiscsi
SessionEnv



-- End of ComboScan: finished at 2010-03-14 at 16:22:44
         

---------------------------------------------------------------------

Code: Alles auswählenAufklappen

ATTFilter

ComboScan v20070226.18 run by xxxxxxxxxxxx on 2010-03-14 at 16:20:46
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium  (build 6002) SP 2.0
Architecture: X64; Language: German

CPU 0: Intel(R) Core(TM)2 Quad  CPU   Q8200  @ 2.33GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 4094.32 MiB / 2195.94 MiB
Pagefile Memory (total/avail): 8401.93 MiB / 6217.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1893.89 MiB

C: is Fixed (NTFS) - 293.33 GiB total, 161.89 GiB free. 
D: is Fixed (NTFS) - 596.17 GiB total, 594.61 GiB free. 
E: is Fixed (NTFS) - 293.08 GiB total, 275.74 GiB free. 
F: is CDROM (No Media)
G: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
M: is Removable (No Media)


-- Security Center --------------------------------------------------------------

Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\xxxxxxxxx\AppData\Roaming
CLASSPATH=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files (x86)\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=xxxxxxxxxxpc
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\xxxxxxxxx
LOCALAPPDATA=C:\Users\xxxxxxxxxxx\AppData\Local
LOGONSERVER=\\xxxxxxxxxPC
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files (x86)\Samsung\Samsung PC Studio 3\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_ARCHITEW6432=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1707
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files (x86)
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CHRIST~1\AppData\Local\Temp
TMP=C:\Users\CHRIST~1\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
USERDOMAIN=xxxxxxxxPC
USERNAME=xxxxxxxxxx
USERPROFILE=C:\Users\xxxxxxxxx
windir=C:\Windows


-- User Profiles ----------------------------------------------------------------

xxxxxxxx


-- Add/Remove Programs ----------------------------------------------------------

 --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
a-squared Anti-Malware 4.5 --> "C:\Program Files (x86)\a-squared Anti-Malware\unins000.exe"
Acer Arcade Live Main Page --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe"  -uninstall
Acer DV Magician --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer DVDivine --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe"  -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> "C:\Program Files (x86)\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x7  -removeonly
Acer eSettings Management --> "C:\Program Files (x86)\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer HomeMedia --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer HomeMedia Connect --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe"  -uninstall
Acer HomeMedia Trial Creator --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\SETUP.EXE"  -uninstall
Acer ScreenSaver --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Acer SlideShow DVD --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe"  -uninstall
Acer VideoMagician --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe"  -uninstall
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin --> C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Advertising Center --> MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Apple Software Update --> MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus --> C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5 --> "C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
ContentSAFER for Wizmax --> 
CoreAAC --> "C:\Program Files (x86)\CoreAAC\Uninstall.exe"
DesignPro 5 SE Goldedition --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6373F2B-6B98-4C84-8C25-78EB41BA31B9} /l1031 
Didi V3 --> "C:\Program Files (x86)\Degener\DidiV3\unins000.exe"
DivX Codec --> C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters --> C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player --> C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DolbyFiles --> MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
EPSON Scan --> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
eSobi v2 --> C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407
eSobi v2 --> MsiExec.exe /X{15D967B5-A4BE-42AE-9E84-64CD062B25AA}
ezLife browser enhancer --> "C:\Program Files (x86)\ezLife\ezLife\1.3.6.0\uninstall.exe"
Free Realms Installer --> C:\Users\xxxxxxxxxxx\AppData\LocalLow\Sony Online Entertainment\uninst.exe
Gehirnjogging - Der Trainer fürs Gedächtnis... --> C:\PROGRA~2\HAPPYN~1\GEHIRN~1\UNWISE.EXE C:\PROGRA~2\HAPPYN~1\GEHIRN~1\INSTALL.LOG
Gehirnjogging 2 --> C:\PROGRA~2\HAPPYN~1\GEHIRN~2\UNWISE.EXE C:\PROGRA~2\HAPPYN~1\GEHIRN~2\INSTALL.LOG
Gehirnjogging 3 --> C:\PROGRA~2\HAPPYN~1\GEHIRN~3\UNWISE.EXE C:\PROGRA~2\HAPPYN~1\GEHIRN~3\INSTALL.LOG
Google SketchUp 6 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x7  -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x7  -removeonly
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) --> C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) --> C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
iTunes --> MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 17 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update --> MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KB408682 --> 
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\swflash.inf,DefaultUninstall,5
Menu Templates - Starter Kit --> MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Choice Guard --> MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC80 Support DLLs --> MsiExec.exe /I{342F5437-C87D-4BB5-89B9-B23E16C6A395}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 --> MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 --> MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 --> MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 2.0 Redistributable Package --> C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Movie Templates - Starter Kit --> MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.5.5) --> C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT --> MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430) --> MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688) --> MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 9 Trial --> C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights --> MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter --> MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner --> MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget --> MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed --> MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed --> MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool --> MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer --> MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap --> MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode --> MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent --> MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime --> MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart --> MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision --> MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor --> MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM --> MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress --> MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTI Backup NOW! 4.7 --> C:\Program Files (x86)\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0407
NTI CD & DVD-Maker --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1031 CDM7
PSP ISO Compressor --> MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
PSPVC :: PSP Video Converter v3.75 --> "e:\Program Files (x86)\pspvc\Uninstall.exe"
QuickTime --> MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver --> RtlUpd64.exe -r -m -nrg2709
RON Too1 Gooochi --> C:\Windows\system32\uaohlaofcedigp.exe
Samsung PC Studio 3 --> "C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0007 -removeonly
Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files (x86)\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Shareaza 2.5.2.0 --> "E:\Program Files (x86)\Shareaza\Uninstall\unins000.exe"
SoundTrax --> MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Supreme Commander - Forged Alliance --> C:\Program Files (x86)\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0007 -removeonly
SweetIM for Messenger 2.8 --> MsiExec.exe /X{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}
Uniblue RegistryBooster 2010 --> "E:\Program Files (x86)\RegistryBooster\unins000.exe"
Uninstall 1.0.0.1 --> "C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) --> C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053 --> MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VirtualCloneDrive --> "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive"
VLC media player 0.9.9 --> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live-Uploadtool --> MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Anmelde-Assistent --> MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call --> MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform --> MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials --> C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials --> MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie --> MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail --> MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger --> MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Sync --> MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}


-- End of ComboScan: finished at 2010-03-14 at 16:22:44 -------------------------
         

Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

• Als erstes versteckte Dateien anzeigen lassen!
  (nur Punkt 1 durchführen!)

• Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
  und suche folgende Datei/Dateien:

Code: Alles auswählenAufklappen

ATTFilter

C:\Windows\SysWow64\udxllgjlildrw.dll
         

• Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

• Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

• Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Dann gibt es noch das hier (neben ein paar anderen Sachen

Zitat:

O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\xxxxx\AppData\Local\Temp\Nbd.exe

Das sollte MAM aber schaffen...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris
Für mich:
...
O4 - HKLM\..\Run: [krrxttnyslqnji] C:\Windows\System32\regsvr32.exe /s "C:\Windows\SysWow64\udxllgjlildrw.dll"
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\msytes32.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: ezLife browser enhancer rdfvgsdu - {10134F49-AA57-444E-B1A4-9BC7488B87C3} - C:\Windows\SysWOW64\rdfvgsdu.dll
O2 - BHO: gooochi browser enhancer - {3B97AB0B-9FF2-B93C-FB57-B6A9724436CA} - C:\Windows\SysWOW64\udxllgjlildrw.dll
...

das geht mit dem button (durchsuchen) auf virustotal

gibt es noch eine seite die das macht

dauert einwenig ab grade denn die datei acedrv09.sys in den arch getretten

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:48, on 15.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9903 bytes
         

jetzt hab ich das mit dem MAM
nur das mit dem Virtustotal geht irgendwie nicht

das ist von OTL [code]OTL Extras logfile created on: 15.03.2010 01:56:00 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = D:\Download
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 156,71 Gb Free Space | 53,42% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 594,03 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive E: | 293,08 Gb Total Space | 275,74 Gb Free Space | 94,09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,82 Gb Total Space | 0,04 Gb Free Space | 2,10% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRISTINASPC
Current User Name: cHrIsTiNaLiCiOuS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 78 32 0A ED 0F 60 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE" = C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE:*:Enabled:ACER.EMPOWERING.FRAMEWORK.SUPERVISOR -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSrf.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSrf.exe:*:Enabled:eDSrf -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE" = C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE:*:Enabled:ACER.EMPOWERING.FRAMEWORK.SUPERVISOR???1????????? -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSrf.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSrf.exe:*:Enabled:eDSrf -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FA05792-FB7E-474F-AF07-0F9AA474C502}" = rport=138 | protocol=17 | dir=out | app=system |
"{27B50138-A60C-4392-A74D-5ED1F03E4BE8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{357A372F-2C3E-4758-A482-FD8078153941}" = lport=138 | protocol=17 | dir=in | app=system |
"{521A456B-A43E-484B-941D-9E47571D39E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{56B1B21C-61AC-4574-8CDF-5C3F16549531}" = rport=137 | protocol=17 | dir=out | app=system |
"{5780BE94-5B14-4133-8E1E-A27E59022A50}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{760000E7-7385-45C9-A2C0-3E5DBA5FEBAB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76893480-5EA7-488D-8F95-1DC6B7C4CA25}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7CB9D303-78F1-4968-A09D-D7305922779B}" = lport=445 | protocol=6 | dir=in | app=system |
"{980C54B1-FC85-4969-93D1-ADD20E19A69A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1994B60-60D8-4F8D-B5F5-4580A0798B73}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3D93E56-AB0A-48B9-8963-31AC4827ED57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F632B6AC-3385-4C93-9742-61DCA92CC561}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088641C2-EAB6-4E71-ACDC-C49E2AF6F3C0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{0E1AFC82-916C-4D85-A5B5-632BD2ADD679}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{160EE90E-D237-4642-9514-35C802C89203}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C9FB18B-967D-430C-B169-14D1D93C58E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{20A5EC57-B14E-4A59-99D2-871FA0B1B762}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{21683066-D4DA-4C18-AA4F-32767F8E4967}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2BBE1537-0262-409D-95AF-BABAAD7AEF7E}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{309564D5-7BF3-41C0-ABDE-F7DC3A8FE2A5}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{39163BB1-8783-4623-93E2-7655EE030654}" = protocol=17 | dir=in | app=c:\users\christinalicious\appdata\local\temp\dologin.exe |
"{453A6BAF-1BD1-4E18-B903-F47781A7F21C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4DD79626-2267-4990-9F8C-8386DB8F2DF2}" = protocol=6 | dir=in | app=c:\users\christinalicious\appdata\local\temp\dologin.exe |
"{4EDD497D-1237-4341-8F1D-AA6824294602}" = protocol=6 | dir=in | app=c:\users\christinalicious\appdata\local\temp\jmstart.exe |
"{5333F88A-77DF-4DCE-A29A-F73D802BE100}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{5D1450C6-D3E4-4733-8122-ED307707AB86}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5F25F558-C588-44F8-BE18-3B15B2EE9A97}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{69CB0511-ED7D-4797-8A9D-4FCA1116000E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{71725025-0AA5-4AFD-AD83-C67DCB177A71}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{742E9FFA-3E8C-4394-B3FC-7E1F884DFED0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7ED5E35B-21F2-4247-955D-6E4283DA082D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86E0281D-9A12-48E3-AE14-41EAC4E604B9}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{8E5962B0-C8EF-4E85-BA8B-4412EC7B15E9}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{90A93270-2158-4CE8-AEE4-2A1EBB641CF1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{91DAC26F-F35C-4190-B0F0-447FDC4F6CA6}" = protocol=17 | dir=in | app=c:\users\christinalicious\appdata\local\temp\jmstart.exe |
"{98706121-A054-49AA-83F6-225848460864}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A03E20C6-D02F-44C5-80D0-05CCA57E5F5A}" = protocol=17 | dir=in | app=e:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{A7CDF499-DC4C-478E-BEE4-825B195CA79E}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{AA62440C-D6CA-4A8B-8C8B-4D32ED8DD6D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C8439F3F-D823-43AC-88ED-C7A8DF7C9A3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D45A21FB-0D1A-48AA-B55D-681BD7AD758F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D5984256-DFC7-4750-B0ED-4F6D249E279E}" = protocol=6 | dir=in | app=e:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{DC649DC1-89C5-49EA-AE0E-DF7959EF63DA}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{E504C940-8C19-4E86-B448-C2464B06615F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{E8DCA116-67F8-4F69-9421-3F9A158FDB76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EBAE139E-7E48-47E0-9F40-B0B2902E9AE5}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{F10CFEE6-EFD6-4B6B-B6E3-C207C038C0C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{F5A5CD4B-CD70-4B8A-9FA3-B557704E7195}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"TCP Query User{0700D86C-CC6F-4D27-8C5D-AA7559CF1A22}C:\users\christinalicious\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\christinalicious\program files (x86)\dna\btdna.exe |
"TCP Query User{4811A943-234E-4483-99EB-B39C3D643C62}C:\users\christinalicious\downloads\keygen.cyberlink.power.producer.5.0.0314.exe" = protocol=6 | dir=in | app=c:\users\christinalicious\downloads\keygen.cyberlink.power.producer.5.0.0314.exe |
"TCP Query User{5C9FDA12-707E-4D37-BAAE-D6CB915054A0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{871283E4-7B6A-4597-973C-61F0F14E6999}C:\users\christinalicious\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\christinalicious\program files (x86)\dna\btdna.exe |
"TCP Query User{B1E2732D-B870-4E14-B786-A173ED1DA2F5}E:\program files (x86)\shareaza\shareaza.exe" = protocol=6 | dir=in | app=e:\program files (x86)\shareaza\shareaza.exe |
"UDP Query User{217DBADB-A6B4-4D8A-BA5A-91A48B357F82}C:\users\christinalicious\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\christinalicious\program files (x86)\dna\btdna.exe |
"UDP Query User{504851D6-D827-4A10-AA2E-B3BA5DE5B7CB}C:\users\christinalicious\downloads\keygen.cyberlink.power.producer.5.0.0314.exe" = protocol=17 | dir=in | app=c:\users\christinalicious\downloads\keygen.cyberlink.power.producer.5.0.0314.exe |
"UDP Query User{6855874B-CDEE-46A1-ADB7-A92BB8A6FBE6}C:\users\christinalicious\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\christinalicious\program files (x86)\dna\btdna.exe |
"UDP Query User{B1090DAD-FBE1-411E-B62A-18B13E69B6A3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{CB8F309E-D5BC-4CBA-AE22-F9A270648D61}E:\program files (x86)\shareaza\shareaza.exe" = protocol=17 | dir=in | app=e:\program files (x86)\shareaza\shareaza.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFE7D1F-B20F-4E81-B27C-B3C701702250}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4c96d036-3475-45bf-9ddc-81bc736b9f4b}" = Nero 9 Trial
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D6373F2B-6B98-4C84-8C25-78EB41BA31B9}" = DesignPro 5 SE Goldedition
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CoreAAC" = CoreAAC
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Gehirnjogging - Der Trainer fürs Gedächtnis..." = Gehirnjogging - Der Trainer fürs Gedächtnis...
"Gehirnjogging 2" = Gehirnjogging 2
"Gehirnjogging 3" = Gehirnjogging 3
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{D6373F2B-6B98-4C84-8C25-78EB41BA31B9}" = DesignPro 5 SE Goldedition
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"PSPVC" = PSPVC :: PSP Video Converter v3.75
"Shareaza_is1" = Shareaza 2.5.2.0
"ShockwaveFlash" = Macromedia Flash Player 8
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Free Realms Installer" = Free Realms Installer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.03.2010 10:30:37 | Computer Name = ChristinasPC | Source = WinMgmt | ID = 10
Description =

Error - 13.03.2010 10:31:36 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0x1720, Anwendungsstartzeit
01cac2b9e05680df.

Error - 13.03.2010 11:30:45 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0x17c8, Anwendungsstartzeit
01cac2c2256f090f.

Error - 13.03.2010 12:13:20 | Computer Name = ChristinasPC | Source = WinMgmt | ID = 10
Description =

Error - 13.03.2010 12:14:24 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0x6e0, Anwendungsstartzeit
01cac2c82da8e028.

Error - 13.03.2010 12:14:25 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0x10ec, Anwendungsstartzeit
01cac2c82dbe4c88.

Error - 13.03.2010 12:14:26 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0x11ec, Anwendungsstartzeit
01cac2c82e88ef88.

Error - 13.03.2010 12:14:26 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0x10b4, Anwendungsstartzeit
01cac2c83d567c88.

Error - 13.03.2010 12:18:41 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel
0x49e03824, Ausnahmecode 0xc0000142, Fehleroffset 0x0006f04e, Prozess-ID 0xe78, Anwendungsstartzeit
01cac2c8d73dbf78.

Error - 13.03.2010 12:19:32 | Computer Name = ChristinasPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
0x4a6ce533, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000022, Fehleroffset 0x0006f04e, Prozess-ID 0xc68, Anwendungsstartzeit
01cac2c8f219a9d8.

[ System Events ]
Error - 14.03.2010 17:59:04 | Computer Name = ChristinasPC | Source = Service Control Manager | ID = 7026
Description =

Error - 14.03.2010 18:52:21 | Computer Name = ChristinasPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 14.03.2010 18:52:32 | Computer Name = ChristinasPC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.03.2010 um 23:50:36 unerwartet heruntergefahren.

Error - 14.03.2010 18:52:38 | Computer Name = ChristinasPC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Epson Stylus CX3600 (M) nicht
unter dem Namen Epson Stylus CX3600 (M) freigeben. Fehler: 2114. Der Drucker kann
nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 14.03.2010 18:52:38 | Computer Name = ChristinasPC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet PIXMA iP4000 nicht
unter dem Namen Canon Inkjet PIXMA iP4000 freigeben. Fehler: 2114. Der Drucker
kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 14.03.2010 18:53:10 | Computer Name = ChristinasPC | Source = Service Control Manager | ID = 7026
Description =

Error - 14.03.2010 20:09:55 | Computer Name = ChristinasPC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 14.03.2010 20:10:03 | Computer Name = ChristinasPC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Epson Stylus CX3600 (M) nicht
unter dem Namen Epson Stylus CX3600 (M) freigeben. Fehler: 2114. Der Drucker kann
nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 14.03.2010 20:10:03 | Computer Name = ChristinasPC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon Inkjet PIXMA iP4000 nicht
unter dem Namen Canon Inkjet PIXMA iP4000 freigeben. Fehler: 2114. Der Drucker
kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 14.03.2010 20:10:38 | Computer Name = ChristinasPC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 15.03.2010 01:56:00 - Run 1
OTL by OldTimer - Version 3.1.37.1     Folder = D:\Download
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 293,33 Gb Total Space | 156,71 Gb Free Space | 53,42% Space Free | Partition Type: NTFS
Drive D: | 596,17 Gb Total Space | 594,03 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive E: | 293,08 Gb Total Space | 275,74 Gb Free Space | 94,09% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1,82 Gb Total Space | 0,04 Gb Free Space | 2,10% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: CHRISTINASPC
Current User Name: cHrIsTiNaLiCiOuS
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Windows\SysWow64\hasplms.exe
PRC - [2010.03.14 23:03:59 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.03.14 17:21:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2009.10.20 13:59:18 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2009.10.01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
PRC - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.06 11:00:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.06.10 20:04:57 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.04 22:38:30 | 000,454,704 | ---- | M] (Egis inc.) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
PRC - [2008.01.25 17:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2007.06.28 14:36:16 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- D:\Download\HiJackThis\HijackThis.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.03.14 17:21:11 | 000,555,008 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
MOD - [2009.04.11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.11 22:48:24 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.09.25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2010.03.06 22:35:26 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.10.01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.06 11:00:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 20:04:57 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008.03.04 22:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 17:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007.12.19 17:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 09:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.11.02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.08 11:41:19 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.07 09:59:50 | 000,064,040 | --S- | M] (GetData Pty Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MIPv364.sys -- (MIPv364)
DRV:64bit: - [2009.06.18 16:06:20 | 000,190,504 | ---- | M] (GetData Pty Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MIPFSv364.sys -- (MIPFSv364)
DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.04.28 18:02:40 | 000,055,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008.03.04 22:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:64bit: - [2008.03.04 22:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008.03.04 22:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2008.02.22 15:33:00 | 000,151,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2008.02.22 15:32:58 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2008.02.22 15:32:58 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007.05.02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007.05.02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2007.05.02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2006.11.02 06:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009.09.28 19:20:43 | 000,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2008.12.10 18:54:35 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.12.13 02:07:34 | 000,003,481 | ---- | M] () [File_System | Boot | Running] -- C:\Acer\Empowering Technology\eDataSecurity\PSDFilter.inf -- (PSDFilter)
DRV - [2007.12.13 02:07:34 | 000,003,460 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\PSDNserv.inf -- (PSDNServ)
DRV - [2007.12.13 02:07:34 | 000,003,459 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\PSDVDisk.inf -- (psdvdisk)
DRV - [2006.10.04 11:45:16 | 000,015,656 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.09.18 22:36:40 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 22:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?mkt=fr-FR&form=MIMWA2&q="
 
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 
FF - user.js..network.proxy.no_proxies_on: ""
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.03.14 23:04:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.03.14 23:04:07 | 000,000,000 | ---D | M]
 
[2010.01.17 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Extensions
[2010.01.17 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.01.17 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Extensions\sz@mast.er
[2010.03.14 15:24:45 | 000,000,000 | ---D | M] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Firefox\Profiles\fum6isbm.default\extensions
[2010.02.01 19:56:19 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Firefox\Profiles\fum6isbm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.01.20 18:19:18 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Firefox\Profiles\fum6isbm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.03.13 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\mozilla\Firefox\Profiles\fum6isbm.default\extensions\corexplayer@l39studios.de
[2009.12.03 10:54:24 | 000,002,476 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Mozilla\FireFox\Profiles\fum6isbm.default\searchplugins\BearShareWebSearch.xml
[2009.11.21 20:55:38 | 000,002,650 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Mozilla\FireFox\Profiles\fum6isbm.default\searchplugins\bing.xml
[2010.01.20 18:19:15 | 000,003,915 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Mozilla\FireFox\Profiles\fum6isbm.default\searchplugins\sweetim.xml
[2010.03.14 15:24:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.07.17 09:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2010.03.14 23:04:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 23:04:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.14 23:04:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.14 23:04:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.14 23:04:01 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll File not found
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4:64bit: - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [a-squared] C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [VirtualCloneDrive] e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Download with &Shareaza - E:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8 - Extra context menu item: Download with &Shareaza - E:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} http://62.146.191.133/atlas_activex.dll (ActiveXControl Object)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.11 22:32:45 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.03.15 01:43:41 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.03.15 01:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.03.14 22:13:10 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Malwarebytes
[2010.03.14 22:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.14 22:13:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.14 22:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2
[2010.03.14 20:20:04 | 000,463,152 | ---- | C] (Microsoft Corporation) -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\Mircrosoft Office Enterprise 2007  Setup.exe
[2010.03.14 16:20:46 | 000,000,000 | ---D | C] -- C:\ComboScan
[2010.03.14 15:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010.03.14 15:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010.03.14 15:16:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.03.14 15:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.03.14 15:15:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.03.14 15:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010.03.14 15:14:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.03.14 15:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Anti-Malware
[2010.03.14 14:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.03.14 14:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.03.14 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\bookmarkbackups
[2010.03.14 14:21:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.03.13 15:26:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.03.13 15:26:04 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.03.13 15:26:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.03.13 15:26:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010.03.13 15:24:08 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.03.13 14:56:34 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\Windows Live
[2010.03.13 14:48:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.03.12 21:27:13 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\Nero
[2010.03.12 21:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhinoceros 4.0
[2010.03.12 20:54:28 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\McNeel
[2010.03.12 20:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McNeel Shared
[2010.03.12 20:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McNeel
[2010.03.11 22:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.03.11 22:48:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.03.11 22:44:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Autodesk Shared
[2010.03.11 22:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010.03.11 22:44:54 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\Autodesk
[2010.03.11 22:44:05 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.03.11 22:44:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.03.11 22:44:05 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.03.11 22:44:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.03.11 22:44:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.03.11 22:44:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.03.10 23:14:09 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\CADs kopie
[2010.03.10 20:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010.03.10 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Nero
[2010.03.10 20:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.03.10 20:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.03.10 20:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010.03.10 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.03.09 18:12:58 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\DICAD_Systeme_GmbH
[2010.03.09 17:57:29 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2010.03.09 17:57:28 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe
[2010.03.09 17:57:28 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksllmtp.exe
[2010.03.09 17:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2010.03.09 17:57:27 | 000,129,280 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksfridge.sys
[2010.03.09 17:57:26 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2010.03.09 17:51:41 | 000,000,000 | ---D | C] -- C:\CAD.Programme
[2010.03.08 23:20:42 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\Documents\MeineBackups
[2010.03.08 23:18:38 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Acronis
[2010.03.08 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.03.08 23:12:00 | 001,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010.03.08 23:11:53 | 000,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.03.08 23:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.03.08 22:40:00 | 000,190,504 | ---- | C] (GetData Pty Ltd) -- C:\Windows\SysNative\drivers\MIPFSv364.sys
[2010.03.08 22:40:00 | 000,064,040 | --S- | C] (GetData Pty Ltd) -- C:\Windows\SysNative\drivers\MIPv364.sys
[2010.03.06 22:33:21 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Autodesk
[2010.03.06 22:23:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010.03.06 22:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010.03.06 09:53:41 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.03.06 09:53:40 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.03.06 09:53:40 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.03.06 09:53:40 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.06 09:53:40 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.06 09:53:40 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.03.06 09:53:40 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.03.06 09:53:40 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.03.06 09:53:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.03.06 09:53:40 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.03.06 09:53:40 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.03.06 09:53:40 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.03.06 09:53:39 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.03.06 09:53:39 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.03.06 09:53:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.03.06 09:53:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.03.06 09:53:39 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.03.06 09:53:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.03.06 09:53:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.03.06 09:53:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.03.06 09:53:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.03.06 09:53:39 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.03.06 09:53:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.03.06 09:53:39 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.03.06 09:53:39 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.03.06 09:53:39 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.03.06 09:53:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.03.06 09:53:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.03.06 09:53:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.03.06 09:53:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.03.06 09:53:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.03.06 09:53:33 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.03.06 09:53:33 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.03.06 09:53:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.03.06 09:53:33 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.03.06 09:53:32 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.03.06 09:53:32 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.03.06 09:53:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.03.06 09:53:32 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.03.06 09:53:32 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010.03.06 09:53:32 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.03.06 09:53:32 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.03.06 09:53:32 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.03.06 09:53:32 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.03.06 09:53:32 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010.03.06 09:53:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.03.06 09:53:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.03.06 09:53:32 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.03.06 09:53:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.03.06 09:53:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.03.06 09:53:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.03.06 09:53:30 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010.03.06 09:53:30 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010.03.06 09:53:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.03.06 09:53:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.03.06 09:53:28 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.03.06 09:53:28 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.03.06 09:53:28 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.03.06 09:53:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010.03.06 09:53:27 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.03.06 09:53:27 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.03.06 09:53:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.03.06 09:53:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.03.06 09:53:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.03.06 09:53:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.03.06 09:53:26 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.03.06 09:53:26 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.03.04 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\GetRightToGo
[2006.09.27 02:11:09 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\cHrIsTiNaLiCiOuS\*.tmp files -> C:\Users\cHrIsTiNaLiCiOuS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.03.15 01:58:06 | 004,194,304 | -HS- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\NTUSER.DAT
[2010.03.15 01:30:41 | 000,000,036 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\housecall.guid.cache
[2010.03.15 01:10:13 | 000,035,940 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.03.15 01:10:05 | 000,035,940 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.03.15 01:10:04 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.15 01:10:04 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.15 01:10:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.15 01:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.15 01:09:07 | 000,524,288 | -HS- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.03.15 01:09:07 | 000,065,536 | -HS- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.03.15 01:09:06 | 003,143,091 | -H-- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\IconCache.db
[2010.03.14 23:56:52 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.03.14 23:56:52 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.03.14 23:56:52 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.03.14 23:56:52 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.03.14 23:56:52 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.03.14 23:52:23 | 858,065,420 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.14 22:31:44 | 000,408,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.14 22:03:28 | 000,001,890 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\VirusTotal Uploader 2.0.lnk
[2010.03.14 19:39:25 | 000,033,280 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 15:44:37 | 000,112,096 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.14 15:14:50 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.03.14 15:08:46 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.14 15:04:49 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Anti-Malware.lnk
[2010.03.14 14:52:53 | 000,000,288 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\wklnhst.dat
[2010.03.13 17:18:53 | 000,000,680 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\d3d9caps.dat
[2010.03.12 21:27:22 | 000,000,198 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\default.rss
[2010.03.08 23:12:00 | 001,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010.03.08 23:11:53 | 000,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.03.06 11:33:03 | 863,747,204 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\badleuntnant.mp4
[2010.03.06 10:27:05 | 000,005,285 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\badleuntnant.jpg
[2010.03.01 19:57:53 | 000,000,028 | ---- | M] () -- C:\Windows\pspvc_path.ini
[2010.03.01 19:22:50 | 000,013,938 | ---- | M] () -- C:\Users\cHrIsTiNaLiCiOuS\Kosten.xlsx
[2010.02.21 00:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.02.21 00:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.02.21 00:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.02.21 00:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\cHrIsTiNaLiCiOuS\*.tmp files -> C:\Users\cHrIsTiNaLiCiOuS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.03.15 01:30:41 | 000,000,036 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\housecall.guid.cache
[2010.03.14 22:03:28 | 000,001,890 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\VirusTotal Uploader 2.0.lnk
[2010.03.14 15:08:46 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.14 15:04:49 | 000,000,849 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Anti-Malware.lnk
[2010.03.14 14:32:30 | 000,016,384 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\key3.db
[2010.03.14 14:27:40 | 000,006,306 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\bookmarks.html
[2010.03.13 14:48:15 | 000,000,680 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\d3d9caps.dat
[2010.03.12 21:27:22 | 000,000,198 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\default.rss
[2010.03.06 11:32:07 | 863,747,204 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\badleuntnant.mp4
[2010.03.06 10:27:05 | 000,005,285 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\Desktop\badleuntnant.jpg
[2010.03.01 19:57:53 | 000,000,028 | ---- | C] () -- C:\Windows\pspvc_path.ini
[2010.01.22 16:05:28 | 000,001,284 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\edsinstaller.txt-20100122.log
[2010.01.07 19:43:17 | 000,035,940 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.01.07 19:36:09 | 000,035,940 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.27 20:46:56 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009.11.27 19:53:32 | 000,006,067 | ---- | C] () -- C:\Windows\UNWISE.INI
[2009.11.06 16:03:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.11.06 16:01:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.15 15:24:09 | 000,413,522 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\dd_vcredistMSI45E4.txt
[2009.07.15 15:24:09 | 000,012,638 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\dd_vcredistUI45E4.txt
[2009.05.11 16:25:07 | 000,000,288 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\wklnhst.dat
[2009.04.20 21:01:12 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.04.20 21:01:02 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.03.18 20:25:28 | 000,419,676 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\dd_vcredistMSI5AAF.txt
[2009.03.18 20:25:28 | 000,012,842 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\dd_vcredistUI5AAF.txt
[2009.01.18 19:37:08 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini
[2008.12.10 18:41:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.12.10 18:37:50 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2008.11.24 18:25:47 | 000,033,280 | ---- | C] () -- C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.05 18:51:13 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.10.05 18:51:13 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.10.05 18:47:24 | 000,000,069 | ---- | C] () -- C:\Windows\eAPLauncher.ini
[2008.08.13 09:05:55 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN4.dll
[2008.08.13 07:06:32 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008.08.13 07:06:32 | 000,000,136 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.08.12 23:20:54 | 000,015,656 | ---- | C] () -- C:\Windows\SysWow64\drivers\int15_64.sys
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2004.08.18 14:00:00 | 000,032,768 | -H-- | C] () -- C:\Windows\SysWow64\msls51.dll
[2003.05.11 18:36:04 | 000,046,448 | R--- | C] () -- C:\ProgramData\OLIVEOIL.TTF
[2003.05.11 18:36:02 | 000,049,764 | R--- | C] () -- C:\ProgramData\OLIVEBI_.TTF
[2003.05.11 18:36:02 | 000,049,428 | R--- | C] () -- C:\ProgramData\OLIVEI__.TTF
[2003.05.11 18:36:00 | 000,046,848 | R--- | C] () -- C:\ProgramData\OLIVEB__.TTF
[2003.05.11 18:36:00 | 000,045,744 | R--- | C] () -- C:\ProgramData\MAXIMO__.TTF
[2003.05.11 18:35:58 | 000,050,104 | R--- | C] () -- C:\ProgramData\MAXIMI__.TTF
[2003.05.11 18:35:58 | 000,049,668 | R--- | C] () -- C:\ProgramData\MAXIMBI_.TTF
[2003.05.11 18:35:56 | 000,049,992 | R--- | C] () -- C:\ProgramData\LYNNI___.TTF
[2003.05.11 18:35:56 | 000,045,600 | R--- | C] () -- C:\ProgramData\MAXIMB__.TTF
[2003.05.11 18:35:54 | 000,049,668 | R--- | C] () -- C:\ProgramData\LYNNBI__.TTF
[2003.05.11 18:35:54 | 000,047,192 | R--- | C] () -- C:\ProgramData\LYNNB___.TTF
[2003.05.11 18:35:52 | 000,067,940 | R--- | C] () -- C:\ProgramData\LIVINI__.TTF
[2003.05.11 18:35:52 | 000,047,208 | R--- | C] () -- C:\ProgramData\LYNN____.TTF
[2003.05.11 18:35:50 | 000,067,312 | R--- | C] () -- C:\ProgramData\LIVINBI_.TTF
[2003.05.11 18:35:48 | 000,065,412 | R--- | C] () -- C:\ProgramData\LIVINB__.TTF
[2003.05.11 18:35:46 | 000,065,212 | R--- | C] () -- C:\ProgramData\LIVIN___.TTF
[2003.05.11 18:35:46 | 000,063,296 | R--- | C] () -- C:\ProgramData\KENDRIC_.TTF
[2003.05.11 18:35:44 | 000,065,340 | R--- | C] () -- C:\ProgramData\KENDRI__.TTF
[2003.05.11 18:35:42 | 000,064,460 | R--- | C] () -- C:\ProgramData\KENDRBI_.TTF
[2003.05.11 18:35:40 | 000,070,140 | R--- | C] () -- C:\ProgramData\JACKII__.TTF
[2003.05.11 18:35:40 | 000,062,908 | R--- | C] () -- C:\ProgramData\KENDRB__.TTF
[2003.05.11 18:35:38 | 000,065,876 | R--- | C] () -- C:\ProgramData\JACKIE__.TTF
[2003.05.11 18:35:36 | 000,070,288 | R--- | C] () -- C:\ProgramData\JACKIBI_.TTF
[2003.05.11 18:35:36 | 000,065,396 | R--- | C] () -- C:\ProgramData\JACKIB__.TTF
[2003.05.11 18:35:34 | 000,078,936 | R--- | C] () -- C:\ProgramData\IRISI___.TTF
[2003.05.11 18:35:32 | 000,076,100 | R--- | C] () -- C:\ProgramData\IRISBI__.TTF
[2003.05.11 18:35:32 | 000,074,800 | R--- | C] () -- C:\ProgramData\IRISB___.TTF
[2003.05.11 18:35:30 | 000,076,524 | R--- | C] () -- C:\ProgramData\IRIS____.TTF
[2003.05.11 18:35:28 | 000,064,320 | R--- | C] () -- C:\ProgramData\HUNTSON_.TTF
[2003.05.11 18:35:26 | 000,065,920 | R--- | C] () -- C:\ProgramData\HUNTSBI_.TTF
[2003.05.11 18:35:26 | 000,065,828 | R--- | C] () -- C:\ProgramData\HUNTSI__.TTF
[2003.05.11 18:35:24 | 000,064,676 | R--- | C] () -- C:\ProgramData\HUNTSB__.TTF
[2003.05.11 18:35:22 | 000,079,488 | R--- | C] () -- C:\ProgramData\HANABI__.TTF
[2003.05.11 18:35:22 | 000,076,128 | R--- | C] () -- C:\ProgramData\HANAI___.TTF
[2003.05.11 18:35:20 | 000,073,380 | R--- | C] () -- C:\ProgramData\HANAB___.TTF
[2003.05.11 18:35:18 | 000,073,332 | R--- | C] () -- C:\ProgramData\HANA____.TTF
[2003.05.11 18:35:18 | 000,053,768 | R--- | C] () -- C:\ProgramData\GENUINE_.TTF
[2003.05.11 18:35:16 | 000,060,224 | R--- | C] () -- C:\ProgramData\GENUIBI_.TTF
[2003.05.11 18:35:16 | 000,060,212 | R--- | C] () -- C:\ProgramData\GENUII__.TTF
[2003.05.11 18:35:14 | 000,053,828 | R--- | C] () -- C:\ProgramData\GENUIB__.TTF
[2003.05.11 18:35:12 | 000,044,168 | R--- | C] () -- C:\ProgramData\FIRSTI__.TTF
[2003.05.11 18:35:12 | 000,044,084 | R--- | C] () -- C:\ProgramData\FIRSTBI_.TTF
[2003.05.11 18:35:12 | 000,040,220 | R--- | C] () -- C:\ProgramData\FIRSTB__.TTF
[2003.05.11 18:35:10 | 000,052,540 | R--- | C] () -- C:\ProgramData\FELTPI__.TTF
[2003.05.11 18:35:10 | 000,040,412 | R--- | C] () -- C:\ProgramData\FIRST___.TTF
[2003.05.11 18:35:08 | 000,052,556 | R--- | C] () -- C:\ProgramData\FELTPBI_.TTF
[2003.05.11 18:35:08 | 000,050,320 | R--- | C] () -- C:\ProgramData\FELTPB__.TTF
[2003.05.11 18:35:06 | 000,190,844 | R--- | C] () -- C:\ProgramData\CAMPBI__.TTF
[2003.05.11 18:35:06 | 000,050,144 | R--- | C] () -- C:\ProgramData\FELTP___.TTF
[2003.05.11 18:35:02 | 000,217,836 | R--- | C] () -- C:\ProgramData\CAMPBELL.TTF
[2003.05.11 18:34:58 | 000,179,608 | R--- | C] () -- C:\ProgramData\CAMPBBI_.TTF
[2003.05.11 18:34:56 | 000,201,572 | R--- | C] () -- C:\ProgramData\CAMPBB__.TTF
[2003.05.11 18:34:52 | 000,085,240 | R--- | C] () -- C:\ProgramData\BRODYI__.ttf
[2003.05.11 18:34:52 | 000,084,324 | R--- | C] () -- C:\ProgramData\BRODYBI_.ttf
[2003.05.11 18:34:50 | 000,080,648 | R--- | C] () -- C:\ProgramData\BRODYB__.ttf
[2003.05.11 18:34:48 | 000,079,500 | R--- | C] () -- C:\ProgramData\BRODY___.ttf
[2003.05.11 18:34:46 | 000,069,356 | R--- | C] () -- C:\ProgramData\BRADDON_.TTF
[2003.05.11 18:34:46 | 000,067,488 | R--- | C] () -- C:\ProgramData\BRADDI__.TTF
[2003.05.11 18:34:44 | 000,069,684 | R--- | C] () -- C:\ProgramData\BRADDBI_.TTF
[2003.05.11 18:34:42 | 000,068,656 | R--- | C] () -- C:\ProgramData\BRADDB__.TTF
[2003.01.15 11:00:00 | 000,074,772 | R--- | C] () -- C:\ProgramData\Eprg____.ttf
[2003.01.15 11:00:00 | 000,062,164 | R--- | C] () -- C:\ProgramData\Flair___.ttf
[2003.01.15 11:00:00 | 000,060,548 | R--- | C] () -- C:\ProgramData\Walba___.ttf
[2003.01.15 11:00:00 | 000,058,920 | R--- | C] () -- C:\ProgramData\Bodbc___.ttf
[2003.01.15 11:00:00 | 000,052,568 | R--- | C] () -- C:\ProgramData\Linea___.ttf
[2003.01.15 11:00:00 | 000,052,024 | R--- | C] () -- C:\ProgramData\Btlt____.ttf
[2003.01.15 11:00:00 | 000,051,952 | R--- | C] () -- C:\ProgramData\Btbd____.ttf
[2003.01.15 11:00:00 | 000,051,948 | R--- | C] () -- C:\ProgramData\Btxl___.ttf
[2003.01.15 11:00:00 | 000,051,948 | R--- | C] () -- C:\ProgramData\Btmd____.ttf
[2003.01.15 11:00:00 | 000,051,888 | R--- | C] () -- C:\ProgramData\Btul____.ttf
[2003.01.15 11:00:00 | 000,044,392 | R--- | C] () -- C:\ProgramData\Plbdc___.ttf
[2003.01.15 11:00:00 | 000,042,664 | R--- | C] () -- C:\ProgramData\Pl__x___.ttf
[2003.01.15 11:00:00 | 000,039,964 | R--- | C] () -- C:\ProgramData\Commef__.ttf
[2003.01.15 11:00:00 | 000,038,732 | R--- | C] () -- C:\ProgramData\Techef__.ttf
[2003.01.15 11:00:00 | 000,031,912 | R--- | C] () -- C:\ProgramData\Warnef__.ttf
[2003.01.15 11:00:00 | 000,021,384 | R--- | C] () -- C:\ProgramData\Textef__.ttf
[2002.10.10 21:09:52 | 000,022,040 | ---- | C] () -- C:\Windows\MSTMON_C.INI
[2002.09.04 04:38:42 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\MCMM___C.DLL
[2002.09.04 00:38:02 | 000,010,242 | ---- | C] () -- C:\Windows\MSUMLT_C.INI
[2002.09.04 00:38:02 | 000,001,407 | ---- | C] () -- C:\Windows\MSD4___C.INI
[2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 16 bytes -> C:\Users\cHrIsTiNaLiCiOuS\Downloads:Shareaza.GUID
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C73F91B6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:99671BE2
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:FD34FE88
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54
< End of report >
         

Code: Alles auswählenAufklappen

ATTFilter

ComboScan v20070226.18 run by cHrIsTiNaLiCiOuS on 2010-03-15 at 01:56:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone -------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2010-03-15 01:56:34
Platform: Windows Vista Service Pack 2 (6.00.6002)
MSIE: Internet Explorer (8.0.6001.18882)

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Windows\SysWOW64\dllhost.exe
D:\Download\HiJackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\OTL.exe
C:\Users\cHrIsTiNaLiCiOuS\AppData\Local\Temp\Rar$EX00.714\comboscan\comboscan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - "C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe"
O23 - Service: Acer HomeMedia Connect Service - "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
O23 - Service: Avira AntiVir Guard (AntiVirService) - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
O23 - Service: Autodesk Licensing Service - "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe"
O23 - Service: Bonjour-Dienst (Bonjour Service) - "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X64 (clr_optimization_v2.0.50727_64) - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
O23 - Service: eDataSecurity Service - "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
O23 - Service: eRecovery Service (eRecoveryService) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
O23 - Service: HASP License Manager (hasplms) - C:\Windows\system32\hasplms.exe  -run
O23 - Service: iPod-Dienst (iPod Service) - "C:\Program Files (x86)\iPod\bin\iPodService.exe"
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
O23 - Service: Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: Office Source Engine (ose) - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - C:\Windows\SysWOW64\perfhost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - "C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - C:\Windows\system32\svchost.exe -k LocalService


-- Files created between 2010-02-15 and 2010-03-15 ------------------------------



-- Find3M Report ----------------------------------------------------------------

2010-03-14 23:04:07         0 d-------- C:\Program Files (x86)\Mozilla Firefox<MOZILL~1>
2010-03-14 22:13:10         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Malwarebytes<MALWAR~1>
2010-03-14 22:03:28         0 d-------- C:\Program Files (x86)\VirusTotalUploader2<VIRUST~1>
2010-03-14 15:17:54         0 d-------- C:\Program Files (x86)\Microsoft Works<MICROS~2>
2010-03-14 15:17:37         0 d-------- C:\Program Files (x86)\MSBuild
2010-03-14 15:16:51         0 d-------- C:\Program Files (x86)\Microsoft.NET<MICROS~1.NET>
2010-03-14 15:15:05         0 d-------- C:\Program Files (x86)\Microsoft Visual Studio 8<MID05A~1>
2010-03-14 15:07:19         0 d-------- C:\Program Files (x86)\a-squared Anti-Malware<A-SQUA~1>
2010-03-14 15:03:53         0 d-------- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2<MOZILL~1.6BE>
2010-03-14 14:52:53       288 --a------ C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\wklnhst.dat
2010-03-14 14:43:52         0 d-------- C:\Program Files (x86)\Windows Live<WI1F86~1>
2010-03-14 14:43:14         0 d-------- C:\Program Files (x86)\Microsoft SQL Server Compact Edition<MICROS~4>
2010-03-14 14:42:30         0 d-------- C:\Program Files (x86)\Microsoft<MICROS~3>
2010-03-13 15:28:45         0 d-------- C:\Program Files (x86)\Windows Mail<WINDOW~1>
2010-03-12 22:11:50         0 d-------- C:\Program Files (x86)\Autodesk
2010-03-12 22:09:22         0 d-------- C:\Program Files (x86)\Common Files\Autodesk Shared<AUTODE~1>
2010-03-12 21:27:22       198 --a------ C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\default.rss
2010-03-12 21:25:24         0 d-------- C:\Program Files (x86)\Rhinoceros 4.0<RHINOC~1.0>
2010-03-12 20:18:49         0 d-------- C:\Program Files (x86)\Common Files\McNeel Shared<MCNEEL~1>
2010-03-12 17:33:27         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Autodesk
2010-03-11 17:28:52         0 d-------- C:\Program Files (x86)\Common Files\Nero
2010-03-10 21:31:25         0 d-------- C:\Program Files (x86)\SweetIM
2010-03-10 21:28:50         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Any Video Converter<ANYVID~1>
2010-03-10 21:27:50         0 d--h----- C:\Program Files (x86)\InstallShield Installation Information<INSTAL~1>
2010-03-10 21:27:32         0 d-------- C:\Program Files (x86)\Creative
2010-03-10 20:35:27         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Nero
2010-03-10 20:31:07         0 d-------- C:\Program Files (x86)\Nero
2010-03-10 18:40:13         0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard<WISEIN~1>
2010-03-09 18:12:58         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\DICAD_Systeme_GmbH<DICAD_~1>
2010-03-09 17:57:28         0 d-------- C:\Program Files (x86)\Common Files\Aladdin Shared<ALADDI~1>
2010-03-08 23:24:44         0 d---s---- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Microsoft<MICROS~1>
2010-03-08 23:24:32         0 d-------- C:\Program Files (x86)\Common Files\Acronis
2010-03-08 23:19:13         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Acronis
2010-03-08 17:57:51         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\GetRightToGo<GETRIG~1>
2010-03-08 13:28:38         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\LimeWire
2010-03-01 19:57:56         0 d-------- C:\Program Files (x86)\AviSynth 2.5<AVISYN~1.5>
2010-02-21 00:06:41     24064 --a------ C:\Windows\system32\nshhttp.dll
2010-02-21 00:05:14     30720 --a------ C:\Windows\system32\httpapi.dll
2010-02-02 16:51:38         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Shareaza
2010-01-26 17:56:49         0 dr-h----- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\SecuROM
2010-01-25 13:00:35    152576 --a------ C:\Windows\system32\secproc_ssp_isv.dll
2010-01-25 13:00:35    152064 --a------ C:\Windows\system32\secproc_ssp.dll
2010-01-25 13:00:35    471552 --a------ C:\Windows\system32\secproc_isv.dll
2010-01-25 13:00:22    471552 --a------ C:\Windows\system32\secproc.dll
2010-01-25 12:58:52    332288 --a------ C:\Windows\system32\msdrm.dll
2010-01-25 09:21:20    346624 --a------ C:\Windows\system32\RMActivate_ssp_isv.exe
2010-01-25 09:21:20    526336 --a------ C:\Windows\system32\RMActivate_isv.exe
2010-01-25 09:21:18    347136 --a------ C:\Windows\system32\RMActivate_ssp.exe
2010-01-25 09:21:18    518144 --a------ C:\Windows\system32\RMActivate.exe
2010-01-23 10:26:13      2048 --a------ C:\Windows\system32\tzres.dll
2010-01-22 22:01:06    348160 --a------ C:\Windows\system32\msvcr71.dll
2010-01-22 22:00:57         0 d-------- C:\Program Files (x86)\Common Files\DVDVideoSoft<DVDVID~1>
2010-01-22 16:43:17         0 d-------- C:\Program Files (x86)\CoreAAC
2010-01-21 09:09:09         0 d-------- C:\Program Files (x86)\Microsoft Silverlight<MI2020~1>
2010-01-19 18:24:05         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\IMSIDesign<IMSIDE~1>
2010-01-18 22:59:08         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\uTorrent
2010-01-18 21:35:48         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Azureus
2010-01-17 16:26:59         6 --ahs---- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\desktop.ini
2010-01-17 16:15:25         0 d-------- C:\Program Files (x86)\BearShare Applications<BEARSH~1>
2010-01-17 16:09:12         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\Mozilla
2010-01-17 14:14:59         0 d-------- C:\Users\cHrIsTiNaLiCiOuS\AppData\Roaming\SZMaster
2010-01-15 15:58:14    796672 --a------ C:\Windows\GPInstall.exe<GPINST~1.EXE>
2010-01-12 17:44:17     29480 --a------ C:\Windows\system32\msxml3a.dll
2010-01-12 17:44:16    505128 --a------ C:\Windows\system32\msvcp71.dll
2010-01-06 16:39:38   1696256 --a------ C:\Windows\system32\gameux.dll
2010-01-06 16:38:47     28672 --a------ C:\Windows\system32\Apphlpdm.dll
2010-01-06 14:30:41   4240384 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-02 07:36:10    206848 --a------ C:\Windows\system32\occache.dll
2010-01-02 07:33:32     55296 --a------ C:\Windows\system32\msfeedsbs.dll
2010-01-02 07:33:32    594432 --a------ C:\Windows\system32\msfeeds.dll
2010-01-02 07:32:33    164352 --a------ C:\Windows\system32\ieui.dll
2010-01-02 07:32:33    109056 --a------ C:\Windows\system32\iesysprep.dll
2010-01-02 07:32:33     71680 --a------ C:\Windows\system32\iesetup.dll
2010-01-02 07:32:33   1985536 --a------ C:\Windows\system32\iertutil.dll
2010-01-02 07:32:32     55808 --a------ C:\Windows\system32\iernonce.dll
2010-01-02 07:32:32  11070464 --a------ C:\Windows\system32\ieframe.dll
2010-01-02 07:32:26    387584 --a------ C:\Windows\system32\iedkcs32.dll
2010-01-02 05:57:00    133632 --a------ C:\Windows\system32\ieUnatt.exe
2010-01-02 05:56:50    173056 --a------ C:\Windows\system32\ie4uinit.exe
2010-01-02 05:56:14     13312 --a------ C:\Windows\system32\msfeedssync.exe
2009-12-30 13:30:20   1568768 --a------ C:\Windows\bsdsetup.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"MtdAcq"="C:\\Program Files (x86)\\Creative\\Shared Files\\Media Sniffer\\MtdAcq.exe /s"
"WMPNSCFG"="C:\\Program Files (x86)\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PCMMediaSharing"="\"C:\\Program Files (x86)\\Acer Arcade Live\\Acer HomeMedia Connect\\Kernel\\DMS\\PCMMediaSharing.exe\""
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"avgnt"="\"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Java\\jre6\\bin\\jusched.exe\""
"SweetIM"="C:\\Program Files (x86)\\SweetIM\\Messenger\\SweetIM.exe"
"VirtualCloneDrive"="\"e:\\Program Files (x86)\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"a-squared"="\"C:\\Program Files (x86)\\a-squared Anti-Malware\\a2guard.exe\""
"GrooveMonitor"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
	

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000001
"ForceActiveDesktopOn"=dword:00000000
"BindDirectlyToPropertySetStorage"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalSystemNetworkRestricted	REG_MULTI_SZ   	hidserv\0Netman\0AudioEndpointBuilder\0dot3svc\0WPDBusEnum\0wlansvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0
LocalService	REG_MULTI_SZ   	NSI\0SSDPSRV\0upnphost\0SCardSvr\0RemoteRegistry\0WinHttpAutoProxySvc\0TBS\0SLUINotify\0netprofm\0QWAVE\0WebClient\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
LocalServiceNetworkRestricted	REG_MULTI_SZ   	AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
wcssvc	REG_MULTI_SZ   	WcsPlugInService\0\0
DcomLaunch	REG_MULTI_SZ   	PlugPlay\0DcomLaunch\0\0
NetworkService	REG_MULTI_SZ   	DHCP\0TermService\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
CertPropSvc
SCPolicySvc
gpsvc
LogonHours
PCAudit
iphlpsvc
msiscsi
SessionEnv



-- End of ComboScan: finished at 2010-03-15 at 01:57:29 -------------------------
         

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:13:48, on 15.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Download\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files (x86)\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Download with &Shareaza - res://E:\Program Files (x86)\Shareaza\RazaWebHook64.dll/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9903 bytes
         

Hi,

poste das Log von MAM noch...

Du hast sehr viel Filesharing-Sw am Laufen, Bearshare würde ich auf jeden Fall komplett entfernen:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)

Folgendes File suchen und bei virustotal.com prüfen lassen:
O4 - Global Startup: ASETRES.EXE

Ein Active-X das geladen wird (kennst Du das? Sonst mit HJ fixen lassen):
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - hxxp://62.146.191.133/atlas_activex.dll

Fixen HJ:
Hijackthis, fixen:
Öffne das HijackThis -- Button "scan" -- vor den unten genannten Einträge(n) Häkchen setzen -- Button "Fix checked" -- PC neustarten
Achtung: Alle Anwendungen bis auf HJ müssen geschlossen sein, ein eventuell aktiver Teatimer von Spybot muss unbedingt deaktiviert sein!)

Code: Alles auswählenAufklappen

ATTFilter

O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} (ActiveXControl Object) - http://62.146.191.133/atlas_activex.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - E:\Program Files (x86)\Shareaza\RazaWebHook32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.7.16.dll (file missing)
         

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

Das mit dem Virustotal.com funktioniert nicht, da ich nichts hochladen kann. In dem weißen Feld kann ich nichtmal reinschreiben. Gibt es noch eine gleichwertige Seite, auf der man das überprüfen lassen kann?
Ich habe auch das Programm Killbox runtergeladen, ist das empfehlenswert?

Ich kann leider erstmal nicht weitermachen, da ich ein paar Tage über wegfahre. Am Donnerstag Abend komme ich wieder. Bist du am Donnerstag dann auch so gegen 21 Uhr hier im Forum online um das Thema weiterzuführen?

Aber Danke schonmal für deine Hilfe bis jetzt!

Hi,

http://virusscan.jotti.org/de
Bin heute den ganzen Tag unterwegs, werde den Notebook mitnehmen (Do)...

Hast Du CureIT laufen lassen? Poste bitte das Log...
(Falls die Log Datei ist sehr groß ist, benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.)

chris

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:08:17, on 18.03.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\cHrIsTiNaLiCiOuS\Desktop\etwas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1008&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EBB89B-0FD6-4B28-8211-DF67F56C1E97}: NameServer = 139.7.30.126 139.7.30.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8926 bytes
         

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.44
Database version: 3868
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

15.03.2010 22:36:19
mbam-log-2010-03-15 (22-36-19).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 338339
Time elapsed: 49 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)