| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor und Security SuiteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.09.2010, 21:50
| #61 |
  |  Antimalware Doctor und Security Suite Ja. Packe den Ordner c:\qoobox mit ZIP oder RAR. Lade das Archiv bei einem Filehoster hoch (z.B. www.file-upload.net) und schicke mir den Link als Private Nachricht. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer.  Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
01.09.2010, 23:43
| #62 |
 | Antimalware Doctor und Security Suite OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 02.09.2010 00:38:15 - Run 5 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 291,33 Gb Free Space | 63,89% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EVA-MARIAS-PC Current User Name: Eva-Maria Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Users\Eva-Maria\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Eva-Maria\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MpfService) -- File not found SRV - (McSysmon) -- File not found SRV - (McShield) -- File not found SRV - (McNASvc) -- File not found SRV - (McAfee SiteAdvisor Service) -- File not found SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 22:22:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.29 12:16:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.29 12:32:35 | 000,000,000 | ---D | M] [2010.08.30 14:31:03 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Extensions [2010.08.30 14:31:07 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions [2010.08.30 14:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.30 14:31:07 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions\staged-xpis [2010.08.30 14:31:10 | 000,000,687 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\u9xsvhkb.default\searchplugins\icq-search.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\u9xsvhkb.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\u9xsvhkb.default\searchplugins\icqplugin.src [2010.08.29 12:19:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.19 21:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.23 18:14:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.29 12:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.04.11 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010.08.29 12:18:50 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.31 02:11:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Eva-Maria\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Eva-Maria\Pictures\2010\Sonnenrot\37544_139724646055413_111409868886891_321838_7061603_n.jpg O24 - Desktop BackupWallPaper: C:\Users\Eva-Maria\Pictures\2010\Sonnenrot\37544_139724646055413_111409868886891_321838_7061603_n.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.02 00:32:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.09.02 00:32:49 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\temp [2010.09.02 00:32:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.09.02 00:20:16 | 000,000,000 | ---D | C] -- C:\cofi3059c [2010.09.02 00:19:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.08.31 20:10:14 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.08.29 23:04:21 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.08.29 12:29:43 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.08.29 12:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.08.29 12:20:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.08.29 12:19:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.29 12:19:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.29 12:19:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.29 12:19:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.29 12:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.08.29 11:49:34 | 000,000,000 | ---D | C] -- C:\cofi15611c [2010.08.28 03:35:26 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.08.28 03:35:26 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.08.28 00:42:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.28 00:42:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.28 00:42:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.28 00:42:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.28 00:42:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.28 00:42:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.28 00:42:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.28 00:42:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.28 00:42:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.28 00:42:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.28 00:42:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.28 00:42:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.28 00:42:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.28 00:42:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.28 00:42:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.28 00:33:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2010.08.28 00:33:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2010.08.28 00:33:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2010.08.28 00:33:52 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2010.08.28 00:33:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2010.08.28 00:33:52 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2010.08.28 00:33:52 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2010.08.28 00:33:51 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.08.28 00:33:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2010.08.28 00:33:51 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2010.08.28 00:33:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.08.28 00:33:50 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2010.08.28 00:33:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2010.08.28 00:33:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2010.08.28 00:33:50 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2010.08.28 00:33:49 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.28 00:33:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2010.08.28 00:33:48 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2010.08.28 00:33:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.08.28 00:33:46 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2010.08.28 00:33:46 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2010.08.28 00:33:46 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2010.08.28 00:33:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2010.08.28 00:33:46 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2010.08.28 00:33:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe [2010.08.28 00:31:48 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.08.27 23:34:23 | 000,000,000 | ---D | C] -- C:\cofi [2010.08.27 23:24:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.27 23:23:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.08.27 23:23:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.08.27 23:23:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.08.27 23:22:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.27 23:20:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.08.27 20:06:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Eva-Maria\Desktop\OTL.exe [2010.08.27 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\Windows [2010.08.26 10:37:56 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\temp [2010.08.25 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\Microsoft [2010.08.14 14:39:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.14 14:39:22 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.14 14:39:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.14 14:38:56 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.14 14:38:54 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2009.07.21 10:28:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.02 00:40:38 | 004,980,736 | -HS- | M] () -- C:\Users\Eva-Maria\ntuser.dat [2010.09.02 00:37:45 | 000,006,836 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2010.09.02 00:37:08 | 000,524,288 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.02 00:37:08 | 000,065,536 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.02 00:36:57 | 003,151,654 | -H-- | M] () -- C:\Users\Eva-Maria\AppData\Local\IconCache.db [2010.09.02 00:30:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.09.02 00:30:15 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{67F42434-13A1-4949-BC57-7301C908FC3C}.job [2010.09.02 00:04:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.02 00:04:21 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.01 22:04:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.01 22:04:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.31 20:10:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.08.31 02:11:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.08.31 01:59:30 | 003,831,151 | R--- | M] () -- C:\Users\Eva-Maria\Desktop\cofi.exe [2010.08.31 01:54:15 | 000,000,808 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\CCleaner.lnk [2010.08.29 23:20:21 | 336,965,288 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.29 19:07:11 | 000,000,566 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Eva-Maria.job [2010.08.29 15:18:45 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.08.29 12:44:51 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.08.29 12:32:36 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.29 12:18:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.29 12:18:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.29 12:18:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.29 12:18:45 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.29 12:16:36 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.28 12:22:32 | 000,044,032 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\photothumb.db [2010.08.28 12:03:38 | 000,033,792 | -H-- | M] () -- C:\Users\Eva-Maria\photothumb.db [2010.08.28 00:05:46 | 000,114,688 | ---- | M] (Abstract Software) -- C:\Users\Public\Desktop\Internet-Erlebniswelt.exe [2010.08.27 23:32:44 | 000,059,414 | ---- | M] () -- C:\Users\Eva-Maria\Documents\cc_20100827_233155.reg [2010.08.27 21:51:49 | 000,409,387 | ---- | M] () -- C:\Users\Eva-Maria\Documents\IMG_27082010_214730.png [2010.08.27 16:13:04 | 000,139,264 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.27 10:03:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.25 16:42:53 | 000,071,337 | ---- | M] () -- C:\Users\Eva-Maria\Documents\rockamsee.odt [2010.08.25 16:32:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Eva-Maria\Desktop\OTL.exe [2010.08.25 16:32:12 | 000,321,536 | ---- | M] (Freakhouse Multimedia GmbH) -- C:\Users\Eva-Maria\Desktop\Klick.exe [2010.08.21 16:01:40 | 000,002,109 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk [2010.08.19 21:05:43 | 000,185,311 | ---- | M] () -- C:\Users\Eva-Maria\trinkspiel.jpg [2010.08.17 18:25:07 | 000,002,784 | ---- | M] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.08.17 15:08:59 | 000,001,036 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\DVDVideoSoft Free Studio.lnk [2010.08.15 16:23:56 | 000,327,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.31 20:10:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.08.29 23:20:21 | 336,965,288 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.08.29 12:44:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.08.29 12:32:35 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.29 12:16:36 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.29 12:13:09 | 000,064,092 | ---- | C] () -- C:\Users\Eva-Maria\combofix.txt [2010.08.29 11:48:31 | 000,002,055 | ---- | C] () -- C:\Users\Eva-Maria\cfscript.txt [2010.08.28 10:20:26 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{67F42434-13A1-4949-BC57-7301C908FC3C}.job [2010.08.28 00:38:36 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.08.27 23:31:57 | 000,059,414 | ---- | C] () -- C:\Users\Eva-Maria\Documents\cc_20100827_233155.reg [2010.08.27 23:24:21 | 000,000,808 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\CCleaner.lnk [2010.08.27 23:23:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.27 23:23:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.27 23:23:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.27 23:23:01 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.27 23:23:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.27 23:20:55 | 003,831,151 | R--- | C] () -- C:\Users\Eva-Maria\Desktop\cofi.exe [2010.08.27 21:51:46 | 000,409,387 | ---- | C] () -- C:\Users\Eva-Maria\Documents\IMG_27082010_214730.png [2010.08.25 16:42:50 | 000,071,337 | ---- | C] () -- C:\Users\Eva-Maria\Documents\rockamsee.odt [2010.08.19 21:05:43 | 000,185,311 | ---- | C] () -- C:\Users\Eva-Maria\trinkspiel.jpg [2010.08.17 18:25:07 | 000,002,784 | ---- | C] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.07.19 21:07:50 | 000,000,024 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\vdnxlf.dat [2010.04.26 20:49:01 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini [2010.04.20 18:40:12 | 000,000,100 | --S- | C] () -- C:\Users\Eva-Maria\AppData\Local\1711337819.dat [2010.04.14 12:55:09 | 000,000,552 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat [2010.01.07 12:13:38 | 000,151,008 | ---- | C] () -- C:\Users\Eva-Maria\Orial Bold.ttf [2010.01.05 22:54:27 | 000,000,088 | ---- | C] () -- C:\Users\Eva-Maria\VISIT DIRT2.COM FOR USAGE.txt [2010.01.05 22:54:20 | 000,008,128 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.otf [2010.01.05 22:52:41 | 000,008,280 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.otf [2010.01.05 22:25:26 | 000,011,496 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.ttf [2010.01.05 11:53:00 | 000,050,566 | ---- | C] () -- C:\Users\Eva-Maria\littlebliss.jpg [2010.01.05 11:33:10 | 000,011,528 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.ttf [2009.12.24 23:46:26 | 000,001,089 | ---- | C] () -- C:\Users\Eva-Maria\ScriptSERIF - READ ME.txt [2009.12.23 15:46:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.12.23 15:46:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.23 15:36:08 | 000,113,152 | ---- | C] () -- C:\Users\Eva-Maria\1031.MST [2009.12.23 15:36:08 | 000,015,832 | ---- | C] () -- C:\Users\Eva-Maria\0x0407.ini [2009.12.23 15:35:58 | 097,979,392 | ---- | C] () -- C:\Users\Eva-Maria\Samsung New PC Studio.msi [2009.12.22 20:40:18 | 000,298,828 | ---- | C] () -- C:\Users\Eva-Maria\script_serif.ttf [2009.12.22 20:30:56 | 000,280,209 | ---- | C] () -- C:\Users\Eva-Maria\scriptSERIF_sample.jpg [2009.12.22 20:04:42 | 000,242,864 | ---- | C] () -- C:\Users\Eva-Maria\script_serif_riptrash.ttf [2009.11.15 12:45:44 | 000,537,011 | ---- | C] () -- C:\Users\Eva-Maria\ billy argel beyaond sky font.jpg [2009.11.15 12:37:34 | 000,516,096 | ---- | C] () -- C:\Users\Eva-Maria\BEYONDSKTRIAL.ttf [2009.11.15 11:19:36 | 000,000,134 | ---- | C] () -- C:\Users\Eva-Maria\READ ME.txt [2009.09.24 15:39:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.20 11:21:32 | 000,033,792 | -H-- | C] () -- C:\Users\Eva-Maria\photothumb.db [2009.09.17 13:25:41 | 000,087,349 | ---- | C] () -- C:\Users\Eva-Maria\0405_09780_happy_birthday.jpg [2009.09.13 01:03:19 | 000,242,200 | ---- | C] () -- C:\Users\Eva-Maria\acer-code.jpg [2009.09.03 15:46:08 | 000,002,712 | ---- | C] () -- C:\Users\Eva-Maria\JOEBOB graphics free trial font users license.txt [2009.08.26 08:27:16 | 000,006,836 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2009.08.25 23:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\wklnhst.dat [2009.08.22 01:11:33 | 000,139,264 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.12 17:41:40 | 004,980,736 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.dat [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.08.12 17:41:40 | 000,262,144 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG1 [2009.08.12 17:41:40 | 000,065,536 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.08.12 17:41:40 | 000,000,020 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.ini [2009.08.12 17:41:40 | 000,000,000 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG2 [2009.07.21 10:16:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.21 10:16:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.21 01:52:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.21 01:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.21 01:44:56 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.26 15:05:36 | 000,521,608 | ---- | C] () -- C:\Users\Eva-Maria\vtks Deja Vu.ttf [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.10.26 15:03:52 | 000,147,604 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.ttf [2008.10.26 15:03:52 | 000,104,352 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.otf [2008.01.21 04:23:43 | 000,009,232 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\acleditu.dat [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.10 07:56:24 | 000,047,272 | ---- | C] () -- C:\Users\Eva-Maria\FairyDustB.ttf [2005.10.23 22:46:42 | 000,057,560 | ---- | C] () -- C:\Users\Eva-Maria\Anywhere.ttf [2005.08.04 09:28:04 | 000,000,286 | ---- | C] () -- C:\Users\Eva-Maria\readme.txt [2005.08.04 09:23:30 | 000,193,572 | ---- | C] () -- C:\Users\Eva-Maria\kiralynn__.ttf [2005.05.11 03:39:36 | 000,085,808 | ---- | C] () -- C:\Users\Eva-Maria\MINUS___.TTF [2005.03.04 19:40:38 | 000,039,648 | ---- | C] () -- C:\Users\Eva-Maria\konanur.ttf [2004.10.27 20:24:44 | 000,034,788 | ---- | C] () -- C:\Users\Eva-Maria\Flat Earth Scribe.ttf [2000.07.13 11:12:46 | 000,000,430 | ---- | C] () -- C:\Users\Eva-Maria\font info.txt [1998.10.01 23:13:48 | 000,084,704 | ---- | C] () -- C:\Users\Eva-Maria\Kelt Caps Freehand.ttf ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report > iwie krieg ich combofix nicht deinstalliert wenn ich das bei ausführen eingebe...dann macht es nur einen durchlauf |
|
02.09.2010, 10:17
| #63 |
| | Antimalware Doctor und Security Suite wie entpacke ich den ganzen ordner? geht das? oder muss ich alle dateien die dort angezeigt werden einzeln nehmen? oder muss ich den ordner "archivieren und versenden" ??
__________________ |
|
02.09.2010, 20:43
| #64 |
| | Antimalware Doctor und Security Suite 1.) Starte den Windowsexplorer => Mausklick rechts auf den Ordner c:\qoobox => Senden an => ZIP komprimierten Ordner 2.) Lade dir anschließend (nur wenn der erste Schritt funktioniert hat) den Anhang auf deinen Desktop und starte ihn mit Doppelklick. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
03.09.2010, 02:02
| #65 |
| | Antimalware Doctor und Security Suite ok, also den zip-ordner hab ich jetztm, aber wenn ich schritt 2 machen will nachdem ich die datei runtergeladen habe, kommt dies hier: Windows hat die folgenden Informationen zu diesem Dateityp. Diese Seite unterstützt Sie bei der Suche nach Software zum Öffnen dieser Datei. Dateityp: Unknown Beschreibung: Dieser Dateityp wird von Windows nicht erkannt. |
|
03.09.2010, 02:02
| #66 |
| | Antimalware Doctor und Security Suite hxxp://www.file-upload.net/download-2794609/Qoobox.zip.html |
|
03.09.2010, 17:28
| #67 |
| | Antimalware Doctor und Security Suite Dein Link macht mich mehr als nur ein bisschen nervös. Mal abgesehen davon, dass du ihn eigentlich als Private Nachricht schicken solltest. enthält die Datei nichts als Müll. Keine der (verdächtigen) Dateien, die von CF als gelöscht gemeldet worden ist, lässt dich dort finden. Ist dein Antivirenprogramm angeprungen und hat haufenweise Dateien gelöscht, dich ich dringend benötige, um dich zu bereinigen? ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
03.09.2010, 23:48
| #68 |
| | Antimalware Doctor und Security Suite uups stimmt :/ hm ja, kann sein...dh? was soll ich nun machen? |
|
06.09.2010, 19:29
| #69 |
| | Antimalware Doctor und Security Suite 1.) Mit Online-Scans kann man den kompletten Rechner auf Schädlinge prüfen lassen. Nimm am besten gleich den Internet Explorer. Vorbereitung
ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
2.) Kaspersky - Onlinescanner Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick über die vorhandene Malware. ---> hier herunterladen => Kaspersky Online Scanner => Hinweise zu älteren Versionen beachten! => Voraussetzung: Internet Explorer 6.0 oder höher => die nötigen ActiveX-Steuerelemente installieren => Update der Signaturen => Weiter => Scan-Einstellungen => Standard wählen => OK => Link "Arbeitsplatz" anklicken => Scan beginnt automatisch => Untersuchung wurde abgeschlossen => Protokoll speichern als => Dateityp auf .txt umstellen => auf dem Desktop als Kaspersky.txt speichern => Log hier posten => Deinstallation => Systemsteuerung => Software => Kaspersky Online Scanner entfernen 3.) Überprüfe den Rechner mit PrevXCSI. Poste ein Screenshot falls etwas gefunden werden sollte oder poste Namen und Pfade. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
08.09.2010, 08:08
| #70 |
| | Antimalware Doctor und Security Suite hm irgendwie is der log kein wirklicher log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK uund: Kaspersky Online Scanner Tut uns leid! Der Kaspersky Online Scanner wird gerade überarbeitet und ist deshalb nicht verfügbar. In Kürze wird er mit vielen Detail-Verbesserungen wieder online gehen. :/ |
|
08.09.2010, 19:17
| #71 |
| | Antimalware Doctor und Security Suite Das waren nur noch Kontrollscans und sind nicht unbedingt notwendig. Poste die beiden Logs von OTL. Wie geht es dem Rechner? Gibt es noch irgendwelche Auffälligkeiten oder Meldungen? ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
08.09.2010, 23:45
| #72 |
| | Antimalware Doctor und Security Suite OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.09.2010 00:23:30 - Run 6 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 279,01 Gb Free Space | 61,19% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 491,73 Mb Total Space | 487,91 Mb Free Space | 99,22% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EVA-MARIAS-PC Current User Name: Eva-Maria Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.09.02 00:37:31 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010.08.27 23:59:00 | 000,282,624 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Programme\AmIcoSingLun\AmIcoSinglun.exe PRC - [2010.08.25 16:32:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Eva-Maria\Desktop\OTL.exe PRC - [2010.08.18 03:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe PRC - [2010.04.28 15:06:24 | 010,358,568 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunes.exe PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe PRC - [2009.09.10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.03.19 17:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe PRC - [2009.03.11 02:48:30 | 006,957,600 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.02.24 02:16:02 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008.09.23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe ========== Modules (SafeList) ========== MOD - [2010.08.25 16:32:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Eva-Maria\Desktop\OTL.exe MOD - [2009.06.23 17:19:38 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (MpfService) SRV - File not found [On_Demand | Stopped] -- -- (McSysmon) SRV - File not found [Unknown | Stopped] -- -- (McShield) SRV - File not found [Auto | Stopped] -- -- (McNASvc) SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service) SRV - [2010.08.28 00:01:38 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.09.23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008.09.23 15:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2010.07.07 16:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter) DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.26 01:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2009.03.11 02:21:12 | 002,338,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.02.21 04:10:00 | 000,153,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2009.01.28 09:51:40 | 004,303,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.12.30 00:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.12.05 08:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.12.02 23:48:18 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR) DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.31 03:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006.11.03 07:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 22:22:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.29 12:16:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.29 12:32:35 | 000,000,000 | ---D | M] [2010.08.30 14:31:03 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Extensions [2010.09.05 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions [2010.09.02 14:48:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.05 21:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.09.05 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\u9xsvhkb.default\extensions\staged-xpis [2010.08.30 14:31:10 | 000,000,687 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\u9xsvhkb.default\searchplugins\icq-search.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\u9xsvhkb.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\u9xsvhkb.default\searchplugins\icqplugin.src [2010.08.29 12:19:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.19 21:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.23 18:14:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.08.29 12:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.04.11 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010.08.29 12:18:50 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.31 02:11:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Eva-Maria\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Eva-Maria\Pictures\2010\Sonnenrot\37544_139724646055413_111409868886891_321838_7061603_n.jpg O24 - Desktop BackupWallPaper: C:\Users\Eva-Maria\Pictures\2010\Sonnenrot\37544_139724646055413_111409868886891_321838_7061603_n.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.08.27 23:57:58 | 000,008,482 | RHS- | M] () - F:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.07 21:39:03 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.09.02 11:11:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.09.02 00:41:22 | 000,000,000 | --SD | C] -- C:\cofi1041c [2010.09.02 00:32:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.09.02 00:32:49 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\temp [2010.09.02 00:32:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.09.02 00:20:16 | 000,000,000 | ---D | C] -- C:\cofi3059c [2010.09.02 00:19:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.08.31 20:10:14 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.08.29 23:04:21 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.08.29 12:29:43 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.08.29 12:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.08.29 12:20:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.08.29 12:19:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.29 12:19:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.29 12:19:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.29 12:19:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.29 12:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Secunia [2010.08.29 11:49:34 | 000,000,000 | ---D | C] -- C:\cofi15611c [2010.08.28 03:35:26 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010.08.28 03:35:26 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.08.28 00:42:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.28 00:42:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.28 00:42:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.28 00:42:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.28 00:42:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.28 00:42:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.28 00:42:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.28 00:42:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.28 00:42:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.28 00:42:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.28 00:42:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.28 00:42:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.28 00:42:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.28 00:42:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.28 00:42:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.28 00:33:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2010.08.28 00:33:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2010.08.28 00:33:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2010.08.28 00:33:52 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2010.08.28 00:33:52 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2010.08.28 00:33:52 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2010.08.28 00:33:52 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll [2010.08.28 00:33:51 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.08.28 00:33:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2010.08.28 00:33:51 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2010.08.28 00:33:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.08.28 00:33:50 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe [2010.08.28 00:33:50 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2010.08.28 00:33:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2010.08.28 00:33:50 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2010.08.28 00:33:49 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.28 00:33:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2010.08.28 00:33:48 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2010.08.28 00:33:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.08.28 00:33:46 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2010.08.28 00:33:46 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2010.08.28 00:33:46 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe [2010.08.28 00:33:46 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2010.08.28 00:33:46 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2010.08.28 00:33:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe [2010.08.28 00:31:48 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.08.27 23:34:23 | 000,000,000 | ---D | C] -- C:\cofi [2010.08.27 23:24:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.27 23:23:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.08.27 23:23:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.08.27 23:23:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.08.27 23:22:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.27 23:20:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.08.27 20:06:12 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Eva-Maria\Desktop\OTL.exe [2010.08.27 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\Windows [2010.08.26 10:37:56 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\temp [2010.08.25 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\Microsoft [2010.08.14 14:39:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.14 14:39:22 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.14 14:39:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.14 14:38:56 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.14 14:38:54 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2009.07.21 10:28:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.09 00:26:50 | 004,980,736 | -HS- | M] () -- C:\Users\Eva-Maria\ntuser.dat [2010.09.09 00:25:23 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{67F42434-13A1-4949-BC57-7301C908FC3C}.job [2010.09.08 23:50:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.08 23:50:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.08 23:50:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.08 23:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.08 19:36:41 | 000,524,288 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.08 19:36:41 | 000,065,536 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.08 17:39:46 | 000,006,836 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2010.09.08 09:14:27 | 003,749,455 | -H-- | M] () -- C:\Users\Eva-Maria\AppData\Local\IconCache.db [2010.09.04 15:52:22 | 000,296,559 | ---- | M] () -- C:\Users\Eva-Maria\Documents\barcelona miro, dali.odt [2010.09.04 15:49:17 | 000,023,715 | ---- | M] () -- C:\Users\Eva-Maria\Documents\stilllife with old shoe.jpg [2010.09.04 15:31:38 | 000,040,222 | ---- | M] () -- C:\Users\Eva-Maria\Documents\joan-miro-the-garden2.jpg [2010.09.04 15:27:20 | 000,143,326 | ---- | M] () -- C:\Users\Eva-Maria\Documents\the_persistence_of_memory_1931_salvador_dali.jpg [2010.09.04 15:16:18 | 000,020,784 | ---- | M] () -- C:\Users\Eva-Maria\Documents\08-salvador-dali-mustache-2.jpg [2010.09.04 15:01:57 | 000,016,072 | ---- | M] () -- C:\Users\Eva-Maria\Documents\688-1.jpg [2010.09.03 03:00:14 | 001,356,838 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Qoobox.zip [2010.09.02 00:30:20 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.08.31 20:10:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.08.31 02:11:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.08.31 01:59:30 | 003,831,151 | R--- | M] () -- C:\Users\Eva-Maria\Desktop\cofi.exe [2010.08.31 01:54:15 | 000,000,808 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\CCleaner.lnk [2010.08.29 23:20:21 | 336,965,288 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.08.29 19:07:11 | 000,000,566 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Eva-Maria.job [2010.08.29 15:18:45 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.08.29 12:44:51 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.08.29 12:32:36 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.29 12:18:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.29 12:18:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.29 12:18:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.08.29 12:18:45 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.08.29 12:16:36 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.28 12:22:32 | 000,044,032 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\photothumb.db [2010.08.28 12:03:38 | 000,033,792 | -H-- | M] () -- C:\Users\Eva-Maria\photothumb.db [2010.08.28 00:05:46 | 000,114,688 | ---- | M] (Abstract Software) -- C:\Users\Public\Desktop\Internet-Erlebniswelt.exe [2010.08.27 23:32:44 | 000,059,414 | ---- | M] () -- C:\Users\Eva-Maria\Documents\cc_20100827_233155.reg [2010.08.27 21:51:49 | 000,409,387 | ---- | M] () -- C:\Users\Eva-Maria\Documents\IMG_27082010_214730.png [2010.08.27 16:13:04 | 000,139,264 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.27 10:03:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.25 16:42:53 | 000,071,337 | ---- | M] () -- C:\Users\Eva-Maria\Documents\rockamsee.odt [2010.08.25 16:32:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Eva-Maria\Desktop\OTL.exe [2010.08.25 16:32:12 | 000,321,536 | ---- | M] (Freakhouse Multimedia GmbH) -- C:\Users\Eva-Maria\Desktop\Klick.exe [2010.08.21 16:01:40 | 000,002,109 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk [2010.08.19 21:05:43 | 000,185,311 | ---- | M] () -- C:\Users\Eva-Maria\trinkspiel.jpg [2010.08.17 18:25:07 | 000,002,784 | ---- | M] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.08.17 15:08:59 | 000,001,036 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\DVDVideoSoft Free Studio.lnk [2010.08.15 16:23:56 | 000,327,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.04 15:49:17 | 000,023,715 | ---- | C] () -- C:\Users\Eva-Maria\Documents\stilllife with old shoe.jpg [2010.09.04 15:31:38 | 000,040,222 | ---- | C] () -- C:\Users\Eva-Maria\Documents\joan-miro-the-garden2.jpg [2010.09.04 15:27:20 | 000,143,326 | ---- | C] () -- C:\Users\Eva-Maria\Documents\the_persistence_of_memory_1931_salvador_dali.jpg [2010.09.04 15:16:18 | 000,020,784 | ---- | C] () -- C:\Users\Eva-Maria\Documents\08-salvador-dali-mustache-2.jpg [2010.09.04 15:01:56 | 000,016,072 | ---- | C] () -- C:\Users\Eva-Maria\Documents\688-1.jpg [2010.09.03 03:00:11 | 001,356,838 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\Qoobox.zip [2010.08.31 20:10:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.08.29 23:20:21 | 336,965,288 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.08.29 12:44:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.08.29 12:32:35 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.29 12:16:36 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.08.29 12:13:09 | 000,064,092 | ---- | C] () -- C:\Users\Eva-Maria\combofix.txt [2010.08.29 11:48:31 | 000,002,055 | ---- | C] () -- C:\Users\Eva-Maria\cfscript.txt [2010.08.28 10:20:26 | 000,000,434 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{67F42434-13A1-4949-BC57-7301C908FC3C}.job [2010.08.28 00:38:36 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.08.27 23:31:57 | 000,059,414 | ---- | C] () -- C:\Users\Eva-Maria\Documents\cc_20100827_233155.reg [2010.08.27 23:24:21 | 000,000,808 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\CCleaner.lnk [2010.08.27 23:23:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.27 23:23:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.27 23:23:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.27 23:23:01 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.27 23:23:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.27 23:20:55 | 003,831,151 | R--- | C] () -- C:\Users\Eva-Maria\Desktop\cofi.exe [2010.08.27 21:51:46 | 000,409,387 | ---- | C] () -- C:\Users\Eva-Maria\Documents\IMG_27082010_214730.png [2010.08.25 16:42:50 | 000,071,337 | ---- | C] () -- C:\Users\Eva-Maria\Documents\rockamsee.odt [2010.08.19 21:05:43 | 000,185,311 | ---- | C] () -- C:\Users\Eva-Maria\trinkspiel.jpg [2010.08.17 18:25:07 | 000,002,784 | ---- | C] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.07.19 21:07:50 | 000,000,024 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\vdnxlf.dat [2010.04.26 20:49:01 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini [2010.04.20 18:40:12 | 000,000,100 | --S- | C] () -- C:\Users\Eva-Maria\AppData\Local\1711337819.dat [2010.04.14 12:55:09 | 000,000,552 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat [2010.01.07 12:13:38 | 000,151,008 | ---- | C] () -- C:\Users\Eva-Maria\Orial Bold.ttf [2010.01.05 22:54:27 | 000,000,088 | ---- | C] () -- C:\Users\Eva-Maria\VISIT DIRT2.COM FOR USAGE.txt [2010.01.05 22:54:20 | 000,008,128 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.otf [2010.01.05 22:52:41 | 000,008,280 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.otf [2010.01.05 22:25:26 | 000,011,496 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.ttf [2010.01.05 11:53:00 | 000,050,566 | ---- | C] () -- C:\Users\Eva-Maria\littlebliss.jpg [2010.01.05 11:33:10 | 000,011,528 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.ttf [2009.12.24 23:46:26 | 000,001,089 | ---- | C] () -- C:\Users\Eva-Maria\ScriptSERIF - READ ME.txt [2009.12.23 15:46:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.12.23 15:46:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.23 15:36:08 | 000,113,152 | ---- | C] () -- C:\Users\Eva-Maria\1031.MST [2009.12.23 15:36:08 | 000,015,832 | ---- | C] () -- C:\Users\Eva-Maria\0x0407.ini [2009.12.23 15:35:58 | 097,979,392 | ---- | C] () -- C:\Users\Eva-Maria\Samsung New PC Studio.msi [2009.12.22 20:40:18 | 000,298,828 | ---- | C] () -- C:\Users\Eva-Maria\script_serif.ttf [2009.12.22 20:30:56 | 000,280,209 | ---- | C] () -- C:\Users\Eva-Maria\scriptSERIF_sample.jpg [2009.12.22 20:04:42 | 000,242,864 | ---- | C] () -- C:\Users\Eva-Maria\script_serif_riptrash.ttf [2009.11.15 12:45:44 | 000,537,011 | ---- | C] () -- C:\Users\Eva-Maria\ billy argel beyaond sky font.jpg [2009.11.15 12:37:34 | 000,516,096 | ---- | C] () -- C:\Users\Eva-Maria\BEYONDSKTRIAL.ttf [2009.11.15 11:19:36 | 000,000,134 | ---- | C] () -- C:\Users\Eva-Maria\READ ME.txt [2009.09.24 15:39:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.20 11:21:32 | 000,033,792 | -H-- | C] () -- C:\Users\Eva-Maria\photothumb.db [2009.09.17 13:25:41 | 000,087,349 | ---- | C] () -- C:\Users\Eva-Maria\0405_09780_happy_birthday.jpg [2009.09.13 01:03:19 | 000,242,200 | ---- | C] () -- C:\Users\Eva-Maria\acer-code.jpg [2009.09.03 15:46:08 | 000,002,712 | ---- | C] () -- C:\Users\Eva-Maria\JOEBOB graphics free trial font users license.txt [2009.08.26 08:27:16 | 000,006,836 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2009.08.25 23:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\wklnhst.dat [2009.08.22 01:11:33 | 000,139,264 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.12 17:41:40 | 004,980,736 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.dat [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.08.12 17:41:40 | 000,262,144 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG1 [2009.08.12 17:41:40 | 000,065,536 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.08.12 17:41:40 | 000,000,020 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.ini [2009.08.12 17:41:40 | 000,000,000 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG2 [2009.07.21 10:16:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.21 10:16:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.21 01:52:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.21 01:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.21 01:44:56 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.26 15:05:36 | 000,521,608 | ---- | C] () -- C:\Users\Eva-Maria\vtks Deja Vu.ttf [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.10.26 15:03:52 | 000,147,604 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.ttf [2008.10.26 15:03:52 | 000,104,352 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.otf [2008.01.21 04:23:43 | 000,009,232 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\acleditu.dat [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.10 07:56:24 | 000,047,272 | ---- | C] () -- C:\Users\Eva-Maria\FairyDustB.ttf [2005.10.23 22:46:42 | 000,057,560 | ---- | C] () -- C:\Users\Eva-Maria\Anywhere.ttf [2005.08.04 09:28:04 | 000,000,286 | ---- | C] () -- C:\Users\Eva-Maria\readme.txt [2005.08.04 09:23:30 | 000,193,572 | ---- | C] () -- C:\Users\Eva-Maria\kiralynn__.ttf [2005.05.11 03:39:36 | 000,085,808 | ---- | C] () -- C:\Users\Eva-Maria\MINUS___.TTF [2005.03.04 19:40:38 | 000,039,648 | ---- | C] () -- C:\Users\Eva-Maria\konanur.ttf [2004.10.27 20:24:44 | 000,034,788 | ---- | C] () -- C:\Users\Eva-Maria\Flat Earth Scribe.ttf [2000.07.13 11:12:46 | 000,000,430 | ---- | C] () -- C:\Users\Eva-Maria\font info.txt [1998.10.01 23:13:48 | 000,084,704 | ---- | C] () -- C:\Users\Eva-Maria\Kelt Caps Freehand.ttf ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8 < End of report > |
|
09.09.2010, 10:33
| #73 |
| | Antimalware Doctor und Security Suite dem rechner gehts gut, ich bekomme keine Meldungen oder andere Auffälligkeiten mehr. |
|
09.09.2010, 16:32
| #74 | |
| | Antimalware Doctor und Security Suite Trotz Schwierigkeiten kommen wir voran. Aber leider sind wir noch nicht wirklich durch.  1.) Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Eva-Maria\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.08.27 23:57:58 | 000,008,482 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
2.) Dein FireFox scheint mir ziemlich vermurkst (und vielleicht befallen). Exportiere deine Lesezeichen (falls vorhanden), deinstalliere Firefox, lösche die Ordner Zitat:
4.) Importiere deine Lesezeichen (falls vorhanden, Opera kann das auch). 5.) Erstelle und poste neue Logs mit OTL. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
09.09.2010, 19:53
| #75 |
| | Antimalware Doctor und Security Suite OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.09.2010 20:51:09 - Run 7 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 277,87 Gb Free Space | 60,94% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 491,73 Mb Total Space | 487,91 Mb Free Space | 99,22% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EVA-MARIAS-PC Current User Name: Eva-Maria Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Users\Eva-Maria\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe (DVDVideoSoft Limited.) PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Eva-Maria\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MpfService) -- File not found SRV - (McSysmon) -- File not found SRV - (McShield) -- File not found SRV - (McNASvc) -- File not found SRV - (McAfee SiteAdvisor Service) -- File not found SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) < End of report > |
|
| Themen zu Antimalware Doctor und Security Suite |
| antimalware, antimalware doctor, doctor, ebenfalls, eingefangen, ergebnisse, fenster, gefangen, kopieren, local\temp, neue, nicht gefunden, scan, schließ, schließt, security, security suite, suite, viren, virus |
drücken.
Button.
.
Linear-Darstellung
