Antivirus program is actually a virus (Windows 7)
13.10.2010, 16:52 | #1
I was surfing around somewhere and at the same time installing a program (World of Warcraft), and while doing so I confirmed the Windows Vista prompt several times without looking at what was being asked. Now a program has installed itself on my PC that pretends to be an antivirus program. I followed a guide from here, downloaded rkill and ran it. Then I installed Malwarebytes. That program works fine right up to the point where the scan has finished and the window appears saying "Scan complete blah blah blah". After that the program closes by itself. Can someone help me and tell me how to get the program to continue?
13.10.2010, 16:53 | #2
Malware-holic

OTL:

System scan with OTL

Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and choose "Run as administrator").

1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" select "Use Safelist", "LOP Check" and "Purity Check".
4. Copy the following into the text box:

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Please post both.
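The OTL log requested above lists processes (PRC), services (SRV), drivers (DRV) and autorun entries (O4) one per line, each ending in the file's publisher in parentheses, "()" when the file has none, or "File not found" for orphaned keys. As an added example, not code from the forum, the helper or OTL itself, the following Python script does the first-pass triage an analyst performs on such a log: it parses those lines and flags files that start from user-writable locations (profile root, AppData\Local, %TEMP%) and kernel drivers without a publisher. The sample log inside it is constructed to mimic OTL's format, and the suspicious file and service names are made up.

```python
# Triage helper for OTL-style scan logs. Added example; not part of OTL or of this thread.
# OTL writes one entry per line, e.g.
#   PRC - C:\path\file.exe (Company Name)
#   DRV - (ServiceName) -- C:\path\file.sys (Company Name)
#   O4 - HKLM..\Run: [Name] C:\path\file.exe (Company Name)
# An empty company field "()" means the file has no publisher in its version resource;
# "File not found" means an autorun key points at a file that no longer exists.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Splits PRC/SRV/DRV/O4 lines into kind, file path and company field. Paths that
# contain parentheses (e.g. "Program Files (x86)") are not handled by this pattern.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|O4)\b.*?"
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx))"
    r"\s+(?:\((?P<company>[^)]*)\)|File not found)\s*$",
    re.IGNORECASE,
)

# Locations an unprivileged user can write to. Legitimate services and startup
# items almost never execute from here; rogue "antivirus" droppers routinely do.
USER_WRITABLE = (
    re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$"),                  # loose file in a profile root
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\[^\\]+$"),  # loose file in AppData\Local
    re.compile(r"\\appdata\\local\\temp\\"),                         # %TEMP%
    re.compile(r"\\windows\\temp\\"),
)


@dataclass
class Entry:
    kind: str
    path: str
    company: Optional[str]  # "" = no publisher recorded, None = "File not found"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV/O4 line; return None for headers and other record types."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["kind"].upper(), m["path"], m["company"])


def assess(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look; an empty list means none."""
    if entry.company is None:
        return []  # orphaned key: cleanup material, but nothing is actually running
    path = entry.path.lower()
    bad_location = any(rx.search(path) for rx in USER_WRITABLE)
    unsigned = entry.company == ""
    dll_autorun = entry.kind == "O4" and path.endswith(".dll")
    # A missing publisher alone is common for small legitimate tools, so it is
    # only reported for kernel drivers or together with a suspicious location.
    if not (bad_location or (unsigned and entry.kind == "DRV")):
        return []
    reasons: List[str] = []
    if bad_location:
        reasons.append("runs from a user-writable location")
    if unsigned:
        reasons.append("no publisher in version info")
    if dll_autorun:
        reasons.append("autorun loads a DLL instead of an executable")
    return reasons


def triage(log_text: str) -> List[Tuple[Entry, List[str]]]:
    """Apply the heuristics to a whole log; return (entry, reasons) for flagged lines."""
    findings: List[Tuple[Entry, List[str]]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = assess(entry)
            if reasons:
                findings.append((entry, reasons))
    return findings


# Constructed sample in OTL's format; the suspicious file and service names are made up.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Users\Alice\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Alice\AppData\Local\Temp\svchst.exe ()
PRC - C:\Users\Alice\updsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (qzxkv) -- C:\Windows\System32\drivers\qzxkv.sys ()
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OldTool] C:\Program Files\OldTool\oldtool.exe File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [Xuqopilave] C:\Users\Alice\AppData\Local\kqzmo.DLL ()
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000..\Run: [updsvc] c:\users\alice\updsvc.exe ()
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"[{entry.kind}] {entry.path}: " + "; ".join(reasons))
```

Run against a real OTL.Txt with `triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())`; the output is a shortlist to verify by hand, not a verdict, since small legitimate tools also ship without a publisher.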
13.10.2010, 20:38 | #3
OTL logfile:

Code:
{89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.10.13 14:07:03 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Malwarebytes [2010.10.13 14:06:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.13 14:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.13 14:06:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.13 14:05:57 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.13 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\Avira [2010.10.13 13:38:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.10.13 13:38:36 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.10.13 13:38:36 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.10.13 13:38:36 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.10.13 13:38:36 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.10.13 13:38:35 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.10.13 13:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.10.13 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\{6BC20F5F-7ED4-4BAE-9E4B-81CAA94E4C84} [2010.10.13 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\AnVi [2010.10.13 13:23:26 | 000,000,000 | ---D | C] -- C:\Windows\PRAGMAbrgncsrrgp [2010.09.30 23:38:55 | 000,000,000 | ---D | C] -- C:\Users\Sören\Desktop\Xpadder_5-3 [2010.09.29 06:20:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.29 06:16:35 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.09.28 18:21:53 | 000,000,000 | ---D | C] -- 
C:\Users\Sören\Documents\HdR Die Rückkehr des Königs tm-Daten [2010.09.28 18:18:53 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES [2010.09.28 17:13:17 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite [2010.09.28 16:47:12 | 000,000,000 | ---D | C] -- C:\Users\Sören\Desktop\Neuer Ordner (5) [2010.09.28 15:20:39 | 029,353,312 | ---- | C] (AppWork UG (haftungsbeschränkt)) -- C:\Users\Sören\Desktop\JDownloader_WIN_Setup.exe [2010.09.23 21:43:45 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\vlc [2010.09.23 21:30:43 | 000,000,000 | ---D | C] -- C:\Users\Sören\Desktop\defaults [2010.09.23 21:30:43 | 000,000,000 | ---D | C] -- C:\Users\Sören\Desktop\chrome [2010.09.21 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\Sören\PTR Installer 4.0.0.12824 deDE [2010.09.21 10:13:56 | 000,000,000 | ---D | C] -- C:\Users\Sören\Desktop\HDBI.01 [2010.09.17 17:03:33 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.09.16 18:30:59 | 000,000,000 | ---D | C] -- C:\Users\Sören\Desktop\Neuer Ordner (4) [2010.09.15 13:12:39 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.06.14 17:56:03 | 814,143,398 | ---- | C] (GOA ) -- C:\Programme\loleusetup.exe [2008.01.21 04:24:21 | 000,206,848 | ---- | C] (MPC-HC Team) -- C:\Users\Sören\AppData\Local\arehedilawetida.dll [1 C:\Users\Sören\*.tmp files -> C:\Users\Sören\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.13 20:45:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.13 20:44:59 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.13 20:25:36 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.13 20:25:36 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.13 20:25:36 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.13 20:25:36 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.13 
20:21:03 | 000,000,120 | ---- | M] () -- C:\Users\Sören\AppData\Local\Cxedamanewohis.dat [2010.10.13 20:21:00 | 000,084,653 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\nvModes.001 [2010.10.13 20:19:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.13 20:19:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.13 20:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.13 20:19:33 | 3219,111,936 | -HS- | M] () -- C:\hiberfil.sys [2010.10.13 20:17:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.10.13 17:15:19 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\okuewma.sys [2010.10.13 17:05:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\xlihm.sys [2010.10.13 16:53:26 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\wihsi.sys [2010.10.13 14:42:19 | 000,001,505 | ---- | M] () -- C:\Users\Sören\Desktop\pornotube.com.lnk [2010.10.13 14:42:19 | 000,001,501 | ---- | M] () -- C:\Users\Sören\Desktop\nudetube.com.lnk [2010.10.13 14:42:19 | 000,001,497 | ---- | M] () -- C:\Users\Sören\Desktop\youporn.com.lnk [2010.10.13 14:42:19 | 000,000,001 | ---- | M] () -- C:\Users\Sören\Desktop\troj000.exe [2010.10.13 14:42:19 | 000,000,001 | ---- | M] () -- C:\Users\Sören\Desktop\spam003.exe [2010.10.13 14:42:19 | 000,000,001 | ---- | M] () -- C:\Users\Sören\Desktop\spam001.exe [2010.10.13 14:41:19 | 000,001,681 | ---- | M] () -- C:\Users\Sören\Desktop\Antivirus Support.lnk [2010.10.13 14:41:19 | 000,000,769 | ---- | M] () -- C:\Users\Sören\Desktop\Antivirus.lnk [2010.10.13 14:27:13 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010.10.13 14:27:13 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2010.10.13 14:06:33 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.13 
13:38:46 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.13 13:24:13 | 000,000,000 | ---- | M] () -- C:\Users\Sören\AppData\Local\Fziful.bin [2010.10.13 13:22:13 | 000,033,280 | ---- | M] () -- C:\Users\Sören\wuaucldt.exe [2010.10.13 13:22:12 | 000,000,016 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\ldcpfk.dat [2010.10.13 13:22:08 | 000,000,004 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\avdrn.dat [2010.10.03 20:43:56 | 000,084,653 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\nvModes.dat [2010.10.02 14:19:48 | 019,657,194 | ---- | M] () -- C:\Users\Sören\Documents\vlc-1.1.4-win32.exe [2010.09.28 18:55:45 | 000,435,979 | ---- | M] () -- C:\Users\Sören\Desktop\Xpadder_5-3.zip [2010.09.28 18:21:49 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\HdR Die Rückkehr des Königs tm.lnk [2010.09.26 17:17:19 | 000,207,075 | ---- | M] () -- C:\Users\Sören\Documents\ts3_clientui-win32-12268-2010-09-26 17_17_18.318000.dmp [2010.09.24 06:45:49 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.09.23 21:43:30 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.09.23 21:06:27 | 000,001,441 | ---- | M] () -- C:\Users\Sören\Desktop\DivX Movies.lnk [2010.09.23 21:06:02 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.09.23 21:05:48 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.09.23 21:01:44 | 000,000,021 | ---- | M] () -- C:\Windows\À*4 [2010.09.23 14:53:12 | 029,353,312 | ---- | M] (AppWork UG (haftungsbeschränkt)) -- C:\Users\Sören\Desktop\JDownloader_WIN_Setup.exe [2010.09.21 10:17:39 | 000,208,384 | ---- | M] () -- C:\Users\Sören\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.16 16:45:48 | 183,511,558 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Users\Sören\*.tmp files -> C:\Users\Sören\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2010.10.13 17:15:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\okuewma.sys [2010.10.13 17:05:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xlihm.sys [2010.10.13 16:53:26 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\wihsi.sys [2010.10.13 14:06:33 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.13 13:38:46 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.13 13:35:46 | 000,001,505 | ---- | C] () -- C:\Users\Sören\Desktop\pornotube.com.lnk [2010.10.13 13:35:46 | 000,001,501 | ---- | C] () -- C:\Users\Sören\Desktop\nudetube.com.lnk [2010.10.13 13:35:46 | 000,001,497 | ---- | C] () -- C:\Users\Sören\Desktop\youporn.com.lnk [2010.10.13 13:35:46 | 000,000,001 | ---- | C] () -- C:\Users\Sören\Desktop\troj000.exe [2010.10.13 13:35:46 | 000,000,001 | ---- | C] () -- C:\Users\Sören\Desktop\spam003.exe [2010.10.13 13:35:46 | 000,000,001 | ---- | C] () -- C:\Users\Sören\Desktop\spam001.exe [2010.10.13 13:25:05 | 000,001,681 | ---- | C] () -- C:\Users\Sören\Desktop\Antivirus Support.lnk [2010.10.13 13:25:05 | 000,000,769 | ---- | C] () -- C:\Users\Sören\Desktop\Antivirus.lnk [2010.10.13 13:24:13 | 000,000,120 | ---- | C] () -- C:\Users\Sören\AppData\Local\Cxedamanewohis.dat [2010.10.13 13:24:13 | 000,000,000 | ---- | C] () -- C:\Users\Sören\AppData\Local\Fziful.bin [2010.10.13 13:22:13 | 000,033,280 | ---- | C] () -- C:\Users\Sören\wuaucldt.exe [2010.10.13 13:22:12 | 000,000,016 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\ldcpfk.dat [2010.10.13 13:22:08 | 000,000,004 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\avdrn.dat [2010.10.03 02:31:40 | 012,582,912 | ---- | C] () -- C:\Users\Sören\Desktop\Diddy Kong Racing.z64 [2010.10.02 14:18:27 | 019,657,194 | ---- | C] () -- C:\Users\Sören\Documents\vlc-1.1.4-win32.exe [2010.09.28 18:55:44 | 000,435,979 | ---- | C] () -- C:\Users\Sören\Desktop\Xpadder_5-3.zip [2010.09.28 18:21:49 | 
000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\HdR Die Rückkehr des Königs tm.lnk [2010.09.28 02:58:45 | 033,554,432 | ---- | C] () -- C:\Users\Sören\Desktop\Zelda - Ocarina of Time (EUR).n64 [2010.09.28 02:27:00 | 033,554,432 | ---- | C] () -- C:\Users\Sören\Desktop\Pokemon Stadium.z64 [2010.09.26 17:17:18 | 000,207,075 | ---- | C] () -- C:\Users\Sören\Documents\ts3_clientui-win32-12268-2010-09-26 17_17_18.318000.dmp [2010.09.23 21:43:30 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2010.09.23 21:30:43 | 000,001,149 | ---- | C] () -- C:\Users\Sören\Desktop\f.rdf [2010.09.23 21:06:02 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.09.23 21:05:48 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.09.23 21:02:12 | 000,001,441 | ---- | C] () -- C:\Users\Sören\Desktop\DivX Movies.lnk [2010.09.23 21:01:44 | 000,000,021 | ---- | C] () -- C:\Windows\À*4 [2010.08.28 17:47:00 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.06.28 10:09:11 | 000,000,600 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\winscp.rnd [2010.03.12 11:50:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll [2010.03.12 11:50:28 | 000,380,928 | ---- | C] () -- C:\Windows\System32\jmmpa.dll [2010.03.12 11:50:28 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll [2010.03.12 11:50:28 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll [2010.03.12 11:50:28 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll [2010.03.12 11:50:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll [2010.03.12 11:50:28 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll [2010.03.12 11:50:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll [2010.03.12 11:50:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll [2010.03.12 11:50:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll 
[2010.03.12 11:50:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll [2010.03.12 11:50:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll [2010.03.12 11:50:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll [2010.03.12 11:50:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll [2010.03.12 11:50:27 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll [2010.03.12 11:50:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll [2010.03.12 11:50:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll [2010.03.12 11:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll [2010.03.12 11:50:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll [2010.03.12 11:50:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll [2010.03.12 11:50:27 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll [2010.03.02 12:50:29 | 000,000,600 | ---- | C] () -- C:\Users\Sören\AppData\Local\PUTTY.RND [2010.02.24 15:40:41 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.24 12:51:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.09 06:59:13 | 000,000,760 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\setup_ldm.iss [2009.10.01 18:10:34 | 000,001,820 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.12.16 12:12:39 | 000,007,592 | ---- | C] () -- C:\Users\Sören\AppData\Local\d3d9caps.dat [2008.11.11 09:58:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2008.11.11 09:58:17 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2008.07.26 15:20:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.06.25 23:08:09 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.06.25 23:08:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.06.14 16:05:46 | 000,208,384 | ---- | C] () -- C:\Users\Sören\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.13 23:38:11 | 
000,084,653 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\nvModes.001 [2008.06.13 23:02:25 | 000,084,653 | ---- | C] () -- C:\Users\Sören\AppData\Roaming\nvModes.dat [2008.05.21 11:59:21 | 000,000,031 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.05.21 11:59:17 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.03.25 23:41:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 20:18:51 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.03.25 13:18:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.03.25 13:12:07 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 12:50:03 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.01.21 04:24:21 | 000,077,312 | ---- | C] () -- C:\Users\Sören\AppData\Local\mschipo.dll [2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2008.10.14 18:41:17 | 000,000,000 | -HSD | M] -- C:\Users\Sören\AppData\Roaming\.# [2008.03.25 13:42:22 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Acer GameZone Console [2010.10.13 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\AnVi [2009.05.05 00:28:42 | 000,000,000 | ---D | M] -- 
C:\Users\Sören\AppData\Roaming\Audacity [2010.08.28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Canneverbe Limited [2010.09.28 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\DAEMON Tools Lite [2009.06.26 12:57:52 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Dropbox [2009.04.07 18:29:17 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\dyyno-vlc [2010.10.13 20:16:58 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\foobar2000 [2010.03.16 11:46:35 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\foxydeal [2010.02.09 06:59:16 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Leadertech [2010.06.14 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\LolClient [2010.03.09 23:20:15 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009.05.16 13:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\PLT Scheme [2010.03.19 00:00:21 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Red Alert 3 [2009.09.20 18:43:44 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\ScummVM [2010.03.02 12:12:57 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Subversion [2008.11.06 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TapiRex [2010.09.10 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Trillian [2010.03.18 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TrueCrypt [2010.05.13 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TS3Client [2010.10.13 20:17:31 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2008.10.14 18:41:17 | 000,000,000 | -HSD | M] -- C:\Users\Sören\AppData\Roaming\.# [2008.03.25 13:42:22 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Acer GameZone Console [2010.03.09 23:13:55 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Adobe [2010.10.13 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\AnVi [2009.05.05 00:28:42 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Audacity [2010.10.13 13:40:09 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Avira [2010.08.28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Canneverbe Limited [2009.05.04 19:02:28 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\CyberLink [2010.09.28 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\DAEMON Tools Lite [2010.05.23 02:33:56 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\DivX [2009.06.26 12:57:52 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Dropbox [2010.09.23 18:20:26 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\dvdcss [2009.04.07 18:29:17 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\dyyno-vlc [2010.10.13 20:16:58 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\foobar2000 [2010.03.16 11:46:35 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\foxydeal [2009.10.06 08:05:06 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\HP [2008.06.13 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Identities [2010.02.09 06:55:27 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\InstallShield [2010.02.09 06:59:16 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Leadertech [2010.02.09 06:59:24 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Logitech [2010.06.14 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\LolClient [2010.03.09 23:20:15 | 000,000,000 | ---D | M] -- 
C:\Users\Sören\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2008.06.13 16:28:04 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Macromedia [2010.10.13 14:07:03 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Media Center Programs [2010.06.27 22:53:52 | 000,000,000 | --SD | M] -- C:\Users\Sören\AppData\Roaming\Microsoft [2010.02.26 13:21:26 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\MiKTeX [2008.08.05 14:54:14 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Mozilla [2010.09.17 03:10:13 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\OpenOffice.org2 [2009.05.16 13:55:40 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\PLT Scheme [2010.03.19 00:00:21 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Red Alert 3 [2009.09.20 18:43:44 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\ScummVM [2010.03.18 23:48:03 | 000,000,000 | RH-D | M] -- C:\Users\Sören\AppData\Roaming\SecuROM [2010.10.13 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Skype [2010.10.13 20:22:40 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\skypePM [2010.03.02 12:12:57 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Subversion [2008.11.06 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TapiRex [2010.01.18 17:04:24 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\teamspeak2 [2010.03.10 18:07:46 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TortoiseSVN [2010.09.10 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Trillian [2010.03.18 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TrueCrypt [2010.05.13 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\TS3Client [2008.07.15 17:20:38 | 000,000,000 | ---D | M] -- 
C:\Users\Sören\AppData\Roaming\Ventrilo [2010.10.12 14:23:57 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\vlc [2008.07.01 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\WinRAR [2009.12.10 14:39:18 | 000,000,000 | ---D | M] -- C:\Users\Sören\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2010.01.19 14:21:04 | 000,075,776 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\foxydeal\IE\Updater.exe [2010.03.09 23:13:16 | 000,038,784 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.07.03 12:19:38 | 000,010,134 | R--- | M] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe [2010.07.03 12:19:38 | 000,000,766 | R--- | M] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe [2010.02.09 06:59:16 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Sören\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2010.07.27 11:54:05 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Sören\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe [2010.07.27 11:54:06 | 000,040,960 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Sören\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.07.27 11:54:06 | 000,008,854 | R--- | M] () -- C:\Users\Sören\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe

< %SYSTEMDRIVE%\*.exe >
[2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007.07.12 16:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.24 12:51:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008.08.12 05:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
|
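The `< MD5 for: ... >` blocks in the OTL.txt above are the output of the /md5start list from the instructions: for each listed name OTL hashes every copy it finds (the live one in System32 or C:\Windows, plus the DriverStore, winsxs and Windows Update download copies), so a live copy whose hash matches none of the pristine copies, or that OTL cannot hash at all ("Unable to obtain MD5"), stands out against the rest. The script below is an added example and is not OTL's code or part of this thread: it parses that block format and reports exactly those two conditions. The sample input is a handful of lines taken from the post above plus one constructed, deliberately altered atapi.sys entry; which directories count as "reference" copies and which paths count as the "live" copy are assumptions of the example, not OTL's rules.

```python
"""Parse OTL's '< MD5 for: NAME >' blocks and flag live Windows files that
either could not be hashed or whose hash matches no pristine copy on disk."""
import re
from collections import defaultdict

# One OTL file entry, e.g.
# [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C... -- C:\Windows\System32\drivers\atapi.sys
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Assumption of this example: a hash seen in any of these directories is a
# pristine reference copy that Windows itself keeps (servicing stack / driver store / update cache).
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\", "\\softwaredistribution\\")


def is_reference_copy(path):
    p = path.lower()
    return any(d in p for d in REFERENCE_DIRS)


def is_live_copy(path):
    """The copy Windows actually loads: under System32 (minus DriverStore) or directly in C:\\Windows."""
    p = path.lower()
    if is_reference_copy(p):
        return False
    return p.startswith("c:\\windows\\system32\\") or (
        p.startswith("c:\\windows\\") and p.count("\\") == 2)


def parse_md5_sections(text):
    """Return {filename_lower: [entry, ...]} for every '< MD5 for: X >' block in an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        if line.startswith("<"):          # any other OTL header ends the MD5 block
            current = None
            continue
        if current is None:
            continue
        e = ENTRY_RE.match(line)
        if e:
            sections[current].append({
                "path": e.group("path"),
                "size": int(e.group("size").replace(",", "")),
                "company": e.group("company"),
                "md5": e.group("md5").upper() if e.group("md5") else None,  # None = OTL could not read it
            })
    return dict(sections)


def find_anomalies(sections):
    """(name, path, reason) for every live copy that is unreadable or matches no reference copy."""
    findings = []
    for name, entries in sections.items():
        reference = {e["md5"] for e in entries if is_reference_copy(e["path"]) and e["md5"]}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, e["path"], "unreadable: OTL could not hash the live copy (locked or hooked)"))
            elif not reference:
                findings.append((name, e["path"], "no reference copy on disk to compare against"))
            elif e["md5"] not in reference:
                findings.append((name, e["path"], "hash matches no winsxs/DriverStore/SoftwareDistribution copy"))
    return findings


# Constructed sample: real lines excerpted from the OTL.txt posted above, plus ONE altered
# atapi.sys live-copy hash (0123...CDEF) to show what an in-place patched driver looks like.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.24 12:51:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
"""

if __name__ == "__main__":
    for name, path, reason in find_anomalies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name:12s} {reason}\n             {path}")
```

On the real log above the atapi.sys live copy matches its winsxs and DriverStore twins, so it would not be reported; only the files OTL could not read would be. "Unable to obtain MD5" means OTL's read was refused, which a filter driver or an exclusive lock can cause as well as a rootkit, so it is a prompt for a closer look (compare against a copy taken from outside the running system), not a verdict on its own.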
13.10.2010, 20:40 | #4 |
| Antivirus program is actually a virus OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 13.10.2010 21:12:24 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Sören\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,29 Gb Total Space | 20,97 Gb Free Space | 14,64% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 59,98 Gb Free Space | 20,12% Space Free | Partition Type: NTFS
Drive E: | 143,08 Gb Total Space | 68,93 Gb Free Space | 48,17% Space Free | Partition Type: NTFS

Computer Name: LAPTOP-SOEREN | User Name: Sören | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1FC714-FA23-4843-9795-02D70B26FEDE}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher |
"{13C36C46-EED8-49A8-8397-8D42BC1F23BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{198195DB-526D-4F45-8B27-85A038016153}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{212C1324-A4BE-4613-AC1B-A17396B0C504}" = lport=445 | protocol=6 | dir=in | app=system |
"{29C53692-7313-4FF1-B828-D558C0339BA3}" = rport=445 | protocol=6 | dir=out | app=system |
"{305F04A1-6DD9-4A7F-948D-E01F7C9FD5ED}" = lport=139 | protocol=6 | dir=in | app=system |
"{394085A8-C09F-4A9B-B5FC-D7969802702E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3961E475-82B7-45B7-9942-BDDA1B5E0506}" = lport=138 | protocol=17 | dir=in | app=system |
"{410EE3B3-8CA4-4B94-A26F-1CE3F868FA7B}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher |
"{4134F5FB-8E7B-4BE0-B15F-36E47329C9DE}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{43FC0FBD-AB5B-4EAB-AE21-DFFE0F1BB783}" = rport=137 | protocol=17 | dir=out | app=system |
"{4E184041-0DF0-4F22-A6FB-31FE9D685F77}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{51FB8B30-7C10-4EAB-8065-FFC4004D7774}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher |
"{6ECD13BA-0DC9-4D4C-B6CB-FB945D7E5553}" = rport=139 | protocol=6 | dir=out | app=system |
"{736E1093-5638-42BE-A2A5-AF46CF89FAE9}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher |
"{773F2633-EE06-4801-8D95-FF1D6BAF7923}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher |
"{7AD2F35D-025C-41BA-8331-6C0D934E454A}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher |
"{7B037790-EDEB-43A7-B7A1-CD4DC0238929}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{7FFAD5D8-EB21-4AF1-937D-A0C24CEF264B}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{9AC7D7D5-1896-496F-A3D1-9D5638DB5799}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher |
"{A0004E02-DFA2-42FA-A6EC-C974B14FF717}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher |
"{AB775A68-958A-45C6-903D-25BE7F4E3925}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{B549AAFB-FB50-4150-9BA3-5646A0347706}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{B874BD76-7DC0-4A68-9B73-44D47796F787}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C29FAC41-66E6-49D0-A9F9-FC7D781CB543}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher |
"{D4E627E0-8807-4FC7-9501-BDF7D51A1966}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher |
"{D5962F78-F2BB-4B81-8571-3072620494BC}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{DD461B87-5359-4971-B26D-745C0AE6A007}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E3EB7339-FE7D-461F-90C1-BA502472FD0C}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher |
"{EB8A1514-865D-47E0-A333-562D28ABC15B}" = rport=138 | protocol=17 | dir=out | app=system |
"{F00948F6-5236-457C-9052-265EA28AF9D5}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{F761FF5A-89A1-43AE-96DC-616E25BCDB4E}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02247DBA-17EF-41E5-9A57-2ACDE92B31E1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{042CBFCD-D2D4-42B7-9353-57519AF2298C}" = protocol=6 | dir=in | app=d:\wow\launcher.exe |
"{0AEAAC40-0C56-4159-AD84-405D20E4363C}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{0D97EBFA-E960-401F-B927-DDAB55F2FB5D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{0FB0AEBD-028B-4454-8B1B-0F99C27CBFAF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0FB1AF80-16E5-40D1-8BE6-DC4C39AAC48E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1E84745A-119E-4B35-8F4D-25C9FFACB075}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{1F8A9031-A985-4090-9624-DE6C6C5A9C5F}" = protocol=17 | dir=in | app=d:\wow\blizzard downloader.exe |
"{2359B77B-EEB9-4CA2-9067-A7BA9BF13D07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2EFE0752-BD64-4EB7-AE0F-6E701182A99D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{2F2CBC97-442A-4293-A97A-498A74C6452B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{315CDDD2-79EE-463C-B1CB-8112B0C67B0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3881B65C-1FD0-4DD2-9BD4-D30B3E84B28D}" = protocol=6 | dir=in | app=d:\wow\launcher.patch.exe |
"{3C17D11A-327C-46F2-AE8A-5E1E251EE6C2}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{3EA08B2B-80BB-4484-BF88-45597C314596}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{52C042BC-34B8-491E-89B8-3F97C9A3608F}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{5B42D3D1-C5DA-4864-B137-D347EDA9CFD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5C300C79-10AD-465A-B49E-A976D31A772E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{608ADCC6-BB09-497F-A6CF-2F418E43BC30}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{6610AF80-4FFE-4C0C-93D8-21394919D37E}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{6A7403E7-A313-465A-89CD-A17189994591}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DDE3C99-32AB-4285-92D2-EC4298716F34}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{6DEDD284-9AC6-4961-9B72-3B543846776B}" = protocol=6 | dir=in | app=f:\alicesetup.exe |
"{75617A45-C3B1-4470-A673-BD96E03533D4}" = protocol=17 | dir=in | app=f:\alicesetup.exe |
"{7974B2B8-C8C0-4A4B-859E-2B1C648B3533}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{798BA955-94C3-4F1C-BFCF-AC8DAF9CA7F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{81EFF921-5D42-4257-9365-6B727566B50F}" = dir=in | app=f:\setup\hpznui01.exe |
"{84CC27D6-0918-4725-B34B-335E7F5DE86C}" = protocol=17 | dir=in | app=c:\users\sören\appdata\locallow\dyyno receiver\dppm.exe |
"{85EC9319-C56E-4218-98F6-737F80DD8A81}" = protocol=17 | dir=in | app=d:\wow\launcher.patch.exe |
"{8984267D-EF95-4D08-A70F-A999F441A2D3}" = protocol=6 | dir=in | app=c:\users\sören\appdata\locallow\dyyno receiver\dppm.exe |
"{90424E11-B5E1-472E-938B-48AABDC28922}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{93FE0FF7-E4FA-4364-B258-D23B6EB90600}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{96FB3669-089F-4424-A704-8065087E959B}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{9FC9F54F-6907-49E2-9F96-BDA4AA0004B4}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{9FF7B8C4-9505-447D-AE1B-14A0A0BF9B41}" = protocol=17 | dir=in | app=c:\program files\airport\apagent.exe |
"{A131CA7F-AFA4-4FA0-9482-E8ADD3BBB5D7}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B53C1362-1CC0-429F-841E-08C67E2068EC}" = protocol=6 | dir=in | app=c:\program files\airport\apagent.exe |
"{BA49F66D-827F-4B15-BE86-713B6E977062}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{BC885575-229E-447A-9643-45EE326910BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C59E83B6-9178-4754-B1FA-649C6B524B31}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{CF1D9B8E-D4E6-4D0F-AAD9-6F5BA4A2BFA8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{D43C0553-0E66-42AE-A919-B10102BE4972}" = protocol=6 | dir=in | app=d:\wow\blizzard downloader.exe |
"{DB72B48F-D19A-4F15-8600-17FD0C91B8DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC625AD0-D3E0-48DD-8D0D-5DE75A56A808}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{E62BF15A-E43E-4FBE-812E-C515FAE05E46}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{EAA6352D-691D-4482-8480-AD81750A2F9B}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{F0D7697B-3420-4996-8EFF-55D5E49DD8D8}" = protocol=17 | dir=in | app=d:\wow\launcher.exe |
"{F0F2855D-EC6A-4C73-8EEB-2F93C7F489D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE0248AC-FD82-4A2A-BFF9-1EE3AA8A17BB}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{FEEC3EAD-0BFB-4C33-A540-3A4803E9A15D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{281EE3FA-BBDB-4C49-877A-A26F9D95C680}D:\wow\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\wow\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{901663E0-1ECF-4871-9D0D-B0B4E2F0A673}D:\wow\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\wow\backgrounddownloader.exe |
"TCP Query User{CF352A57-C7BA-4AA5-B1D8-17CE58DAF54D}D:\wow\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\wow\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe |
"UDP Query User{1EC066C1-EB28-4D7B-8BB8-316B25C3CAD8}D:\wow\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\wow\temp\wow-4.0.0.1807-to-4.0.0.1979-enus-tools-downloader.exe |
"UDP Query User{1F7598D3-B652-4A99-A10D-144FDC92DACB}D:\wow\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\wow\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{EF961F46-6A9A-446C-8747-269CD1E78767}D:\wow\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\wow\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1F2A4BBB-1D52-4183-BD4D-780C6EBFBBD3}}_is1" = TapiRex 1.7.2
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8
"{E9E7F626-3766-4854-88F5-D45EE64455E8}" = AirPort
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bargain Buddy" = Bargain Buddy
"BlueJ_is1" = BlueJ 2.5.0
"Bouml_is1" = Bouml 4.18.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Command & Conquer 95" = Command & Conquer Windows 95
"DivX Content Uploader" = DivX Content Uploader
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"foobar2000" = foobar2000 v0.9.6
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HD Tune_is1" = HD Tune 2.55
"Hogs Of War" = Frontschweine
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25
"League of Legends_is1" = League of Legends
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"nbi-glassfish-mod-sun-3.0.0.74.2" = Sun GlassFish Enterprise Server v3
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"NVIDIA Drivers" = NVIDIA Drivers
"PLT-4.1.2" = PLT Scheme v4.1.2
"PuTTY_is1" = PuTTY version 0.60
"ScummVM_is1" = ScummVM 1.0.0rc1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.3
"VP Suite 4.1" = VP Suite 4.1
"Warcraft III" = Warcraft III
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WinCorder" = WinCorder
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.7
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.07.2009 03:37:34 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 17.07.2009 06:56:06 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 17.07.2009 11:55:41 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 18.07.2009 17:01:25 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 19.07.2009 08:08:46 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 19.07.2009 09:59:25 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 19.07.2009 23:19:01 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 20.07.2009 05:57:26 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 21.07.2009 08:09:33 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = Error - 21.07.2009 09:39:33 | Computer Name = Laptop-Soeren | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 11.12.2008 07:53:58 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 11.12.2008 07:54:12 | Computer Name = Laptop-Soeren | Source = HTTP | ID = 15016 Description = Error - 11.12.2008 13:08:19 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 11.12.2008 13:08:19 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 11.12.2008 13:08:36 | Computer Name = Laptop-Soeren | Source = HTTP | ID = 15016 Description = Error - 11.12.2008 13:24:28 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | 
ID = 2 Description = Error - 11.12.2008 13:24:28 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 11.12.2008 13:24:41 | Computer Name = Laptop-Soeren | Source = HTTP | ID = 15016 Description = Error - 11.12.2008 15:28:59 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = Error - 11.12.2008 15:28:59 | Computer Name = Laptop-Soeren | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 2 Description = < End of report > |
14.10.2010, 11:43 | #5 |
/// Malware-holic | Antivirus program is actually a virus
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
PRC - C:\Users\SREN~1\AppData\Local\Temp\dfrgsnapnt.exe ()
PRC - C:\Users\Sören\wuaucldt.exe ()
DRV - (wqnou) -- C:\Windows\System32\drivers\okuewma.sys ()
DRV - (cmpxl) -- C:\Windows\System32\drivers\wihsi.sys ()
DRV - (ilgymknv) -- C:\Windows\System32\drivers\xlihm.sys ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
O4 - HKLM..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [dfrgsnapnt.exe] C:\Users\SREN~1\AppData\Local\Temp\dfrgsnapnt.exe ()
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [Icecovunikanujuq] C:\Users\Sören\AppData\Local\mschipo.DLL ()
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [Regedit32] C:\Windows\System32\regedit.exe File not found
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [Syilibidukemug] C:\Users\Sören\AppData\Local\arehedilawetida.DLL (MPC-HC Team)
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [wuaucldt] c:\users\sören\wuaucldt.exe ()
[2010.10.13 13:24:11 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Local\{6BC20F5F-7ED4-4BAE-9E4B-81CAA94E4C84}
[2010.10.13 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\Sören\AppData\Roaming\AnVi
[2010.10.13 13:24:13 | 000,000,000 | ---- | M] () -- C:\Users\Sören\AppData\Local\Fziful.bin
[2010.10.13 13:22:12 | 000,000,016 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\ldcpfk.dat
[2010.10.13 13:22:08 | 000,000,004 | ---- | M] () -- C:\Users\Sören\AppData\Roaming\avdrn.dat
[2010.10.13 17:05:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xlihm.sys
[2010.10.13 16:53:26 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\wihsi.sys
:FILES
C:\Windows\System32\drivers\okuewma.sys
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; please post it. Open My Computer, C:\_OTL, right-click on "moved files" and add it to moved files.rar or .zip. Upload the archive to us. http://www.trojaner-board.de/54791-a...ner-board.html |
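A small triage helper for OTL scan lines of the kind the fix script above targets, added here as an example (it is not part of the thread and not OTL's own code). The sample input is a subset of the PRC/DRV/O4 entries quoted in this post plus one constructed benign line, and the heuristics (no publisher string, target under Temp or AppData, Run entry pointing at a DLL, orphaned entry) are my own assumptions about what makes an entry worth a closer look.

```python
"""Triage OTL-style PRC / DRV / O4 lines and flag entries worth reviewing.

Added example; heuristics are assumptions, not OTL's own logic.
"""
import re
from dataclasses import dataclass

# Sample input: entries quoted in this thread, plus one constructed benign
# Avira line so that a clean entry is present too.
SAMPLE_OTL = r"""
PRC - C:\Users\SREN~1\AppData\Local\Temp\dfrgsnapnt.exe ()
DRV - (wqnou) -- C:\Windows\System32\drivers\okuewma.sys ()
O4 - HKLM..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe File not found
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [Icecovunikanujuq] C:\Users\Sören\AppData\Local\mschipo.DLL ()
O4 - HKU\S-1-5-21-592690472-1934408645-2059159008-1000..\Run: [Syilibidukemug] C:\Users\Sören\AppData\Local\arehedilawetida.DLL (MPC-HC Team)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""

# Line shapes as OTL prints them: "PRC - <path> (<publisher>)",
# "DRV - (<service>) -- <path> (<publisher>)" and
# "O4 - <hive>..\Run: [<name>] <path> (<publisher>)" or "... File not found".
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^)]*)\)$")
DRV_RE = re.compile(r"^DRV - \((?P<svc>[^)]+)\) -- (?P<path>.+?) \((?P<company>[^)]*)\)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)"
    r" (?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$"
)


@dataclass
class Finding:
    kind: str      # PRC, DRV or O4
    path: str
    reasons: list


def parse_line(line):
    """Return (kind, path, publisher, missing) or None for lines we don't parse."""
    line = line.strip()
    for kind, rx in (("PRC", PRC_RE), ("DRV", DRV_RE), ("O4", O4_RE)):
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return kind, d["path"], d.get("company"), bool(d.get("missing"))
    return None


def _reasons(kind, path, company, missing):
    """Heuristic reasons (assumptions) why an entry deserves a closer look."""
    low = path.lower()
    if missing:
        # Not malicious by itself, but dead autostart entries are cleanup candidates.
        return ["orphaned autostart entry (target file missing)"]
    reasons = []
    if company == "":
        reasons.append("no publisher/version information")
    if "\\temp\\" in low or "\\appdata\\local\\" in low or "\\appdata\\roaming\\" in low:
        reasons.append("runs from a user-writable profile location")
    if kind == "O4" and low.endswith(".dll"):
        reasons.append("Run entry points at a DLL instead of an executable")
    return reasons


def triage(text):
    """Parse every line of an OTL excerpt and return the entries that got flagged."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, path, company, missing = parsed
        reasons = _reasons(kind, path, company, missing)
        if reasons:
            findings.append(Finding(kind, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Note that the entry with the "MPC-HC Team" publisher string is still flagged: a publisher name alone is not a trust signal when the file lives in AppData and is loaded by a Run key.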
14.10.2010, 14:24 | #6 |
| Antivirusprogramm ist in wirklichkeit ein Virus All processes killed ========== OTL ========== No active process named dfrgsnapnt.exe was found! No active process named wuaucldt.exe was found! Service wqnou stopped successfully! Service wqnou deleted successfully! C:\Windows\System32\drivers\okuewma.sys moved successfully. Service cmpxl stopped successfully! Service cmpxl deleted successfully! C:\Windows\System32\drivers\wihsi.sys moved successfully. Service ilgymknv stopped successfully! Service ilgymknv deleted successfully! C:\Windows\System32\drivers\xlihm.sys moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bargains deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully. Registry value HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe not found. File C:\Users\SREN~1\AppData\Local\Temp\dfrgsnapnt.exe not found. Registry value HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully. Registry value HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Icecovunikanujuq deleted successfully. File C:\Users\Sören\AppData\Local\mschipo.DLL not found. Registry value HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully. 
Registry value HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Syilibidukemug deleted successfully. File C:\Users\Sören\AppData\Local\arehedilawetida.DLL not found. Registry value HKEY_USERS\S-1-5-21-592690472-1934408645-2059159008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wuaucldt not found. File c:\users\sören\wuaucldt.exe not found. C:\Users\Sören\AppData\Local\{6BC20F5F-7ED4-4BAE-9E4B-81CAA94E4C84}\chrome\content folder moved successfully. C:\Users\Sören\AppData\Local\{6BC20F5F-7ED4-4BAE-9E4B-81CAA94E4C84}\chrome folder moved successfully. C:\Users\Sören\AppData\Local\{6BC20F5F-7ED4-4BAE-9E4B-81CAA94E4C84} folder moved successfully. C:\Users\Sören\AppData\Roaming\AnVi folder moved successfully. C:\Users\Sören\AppData\Local\Fziful.bin moved successfully. C:\Users\Sören\AppData\Roaming\ldcpfk.dat moved successfully. File C:\Users\Sören\AppData\Roaming\avdrn.dat not found. File C:\Windows\System32\drivers\xlihm.sys not found. File C:\Windows\System32\drivers\wihsi.sys not found. ========== FILES ========== File\Folder C:\Windows\System32\drivers\okuewma.sys not found. 
========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 41620 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: Sören ->Flash cache emptied: 175833 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Sören ->Temp folder emptied: 2686124305 bytes ->Temporary Internet Files folder emptied: 309979370 bytes ->Java cache emptied: 53399407 bytes ->FireFox cache emptied: 92659116 bytes ->Google Chrome cache emptied: 10254767 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 125245985 bytes RecycleBin emptied: 598147 bytes Total Files Cleaned = 3.126,00 mb OTL by OldTimer - Version 3.2.15.2 log created on 10142010_150350 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
14.10.2010, 14:45 | #7 |
/// Malware-holic | Antivirus program is actually a virus Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
14.10.2010, 15:16 | #8 |
| Antivirus program is actually a virus Unfortunately I could not follow the guide. Right after I started the exe, a window opened that said Error. After that my PC restarted and ran ComboFix. This is the log: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-12.03 - Sören 14.10.2010 15:53:15.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.2195 [GMT 2:00] ausgeführt von:: c:\users\Sören\Downloads\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\Sören\AppData\Roaming\.# c:\windows\system\BisonC07.dll E:\WinRAR.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-09-14 bis 2010-10-14 )))))))))))))))))))))))))))))) . 2010-10-14 13:03 . 2010-10-14 13:23 -------- d-----w- C:\_OTL 2010-10-13 12:07 . 2010-10-13 12:07 -------- d-----w- c:\users\Sören\AppData\Roaming\Malwarebytes 2010-10-13 12:06 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-13 12:06 . 2010-10-13 12:06 -------- d-----w- c:\programdata\Malwarebytes 2010-10-13 12:06 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-13 12:05 . 2010-10-13 12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-13 11:40 . 2010-10-13 11:40 -------- d-----w- c:\users\Sören\AppData\Roaming\Avira 2010-10-13 11:38 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-10-13 11:38 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-10-13 11:38 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-10-13 11:38 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-10-13 11:38 . 2010-10-13 11:38 -------- d-----w- c:\programdata\Avira 2010-10-13 11:38 . 2010-10-13 11:38 -------- d-----w- c:\program files\Avira 2010-10-12 15:16 . 2010-09-16 08:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7488865E-0BAB-484D-B2D0-DD1A318B48BB}\mpengine.dll 2010-09-29 04:20 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-29 04:16 . 
2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-09-28 16:18 . 2010-09-28 16:18 -------- d-----w- c:\program files\EA GAMES 2010-09-28 15:13 . 2010-09-28 15:13 -------- d-----w- c:\program files\DAEMON Tools Lite 2010-09-23 19:43 . 2010-10-12 12:23 -------- d-----w- c:\users\Sören\AppData\Roaming\vlc 2010-09-21 13:41 . 2010-09-21 13:50 -------- d-----w- c:\users\Sören\PTR Installer 4.0.0.12824 deDE 2010-09-15 11:12 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll 2010-09-15 11:12 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-15 11:12 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-15 11:12 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-09-23 2356088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208] "eDataSecurity 
Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-15 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-15 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-15 81920] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] " Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-9 784912] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] 
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Sören^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\users\Sören\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-03-08 03:38 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent] 2008-12-23 11:03 753664 ----a-w- c:\program files\AirPort\APAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] 2007-07-21 10:18 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonInst0402] 2007-05-08 18:48 53248 ----a-w- c:\windows\BR040286.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-01-04 10:21 768520 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 R3 dump_wmimmc;dump_wmimmc;d:\program files\GpotatoEu\Flyff\GameGuard\dump_wmimmc.sys [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168] R4 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200] R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 136176] R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-24 691696] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . 
Inhalt des "geplante Tasks" Ordners 2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 18:40] 2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 18:40] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.intl.acer.yahoo.com/ mStart Page = hxxp://de.intl.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Sören\AppData\Roaming\Mozilla\Firefox\Profiles\xos3ns37.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.studivz.de/ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-ALaunch - c:\acer\ALaunch\AlaunchClient.exe AddRemove-Warhammer Online - Age of Reckoning - c:\games\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-10-14 16:03:57 ComboFix-quarantined-files.txt 2010-10-14 14:03 Vor Suchlauf: 23 Verzeichnis(se), 24.478.842.880 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 24.413.741.056 Bytes frei - - End Of File - - 327145E23879897654033B74B50903DF |
14.10.2010, 15:22 | #9 |
/// Malware-holic | Antivirus program is actually a virus Download CCleaner slim (Piriform - Builds), install it, click Tools, list of installed programs. Save it as a txt. Then open that txt. After every program you need, write notwendig (needed). After every program you don't know, write unbekannt (unknown). After every program you don't need, write unnötig (unnecessary). Please post the list. |
14.10.2010, 16:27 | #10 |
| Antivirus program is actually a virus
Program | Publisher | Installed | Size | Version | Rating
Acer Arcade Deluxe | CyberLink Corporation | 20.05.2008 | 21,0MB | 1.14.5018 | unknown
Acer Crystal Eye | Acer Crystal Eye | 20.05.2008 | 5,42MB | 7.32.701.12a | unknown
Acer Crystal Eye webcam | Acer Crystal Eye webcam | 20.05.2008 | 2,79MB | 2.0.0.9 | unknown
Acer eAudio Management | CyberLink Corp. | 12.06.2008 | 638,5MB | 2.5.4303 | unknown
Acer eDataSecurity Management | Egis Inc. | 24.03.2008 | 63,3MB | 2.8.4354 | unknown
Acer eLock Management | Acer Inc. | 24.03.2008 | 13,3MB | 2.5.4302 | unknown
Acer Empowering Technology | Acer Inc. | 24.03.2008 | 234,5MB | 2.5.4301 | unknown
Acer eNet Management | Acer Inc. | 24.03.2008 | 8,71MB | 2.6.4303 | unknown
Acer ePower Management | Acer Inc. | 24.03.2008 | 16,1MB | 2.5.4309 | unknown
Acer ePresentation Management | Acer Inc. | 24.03.2008 | 3,53MB | 2.5.4300 | unknown
Acer eSettings Management | Acer Inc. | 24.03.2008 | 13,2MB | 2.5.4302 | unknown
Acer GridVista | | 20.05.2008 | 1,50MB | 2.68.622 | unknown
Acer Mobility Center Plug-In | Acer Inc. | 24.03.2008 | 4,13MB | 1.0.4301 | unknown
Acer ScreenSaver | Acer Inc. | 20.05.2008 | | 1.13.20071207 | unknown
Activation Assistant for the 2007 Microsoft Office suites | Microsoft Corporation | 20.05.2008 | 14,0MB | | unknown
Adobe AIR | Adobe Systems Inc. | 08.03.2010 | 30,7MB | 1.5.3.9130 | unknown
Adobe Flash Player 10 Plugin | Adobe Systems Incorporated | 27.05.2009 | | 10.0.22.87 | unknown
Adobe Flash Player ActiveX | Adobe Systems Incorporated | 20.05.2008 | | 9.0.115.0 | unknown
Adobe Reader 8.1.0 | Adobe Systems Incorporated | 24.03.2008 | 87,9MB | 8.1.0 | necessary
AirPort | Apple Inc. | 02.07.2009 | 11,9MB | 5.4.0.32 | unknown
ALPS Touch Pad Driver | Alps Electric | 20.05.2008 | | Version 7.0.1101.17 | unknown
ANNO 1602 Königs-Edition | | 01.08.2010 | 108,1MB | 1.00 | necessary
Apple Software Update | Apple Inc. | 02.07.2009 | 2,16MB | 2.1.1.116 | unknown
Audacity 1.3.6 (Unicode) | Audacity Team | 03.01.2009 | 18,6MB | | necessary
Avira AntiVir Personal - Free Antivirus | Avira GmbH | 12.10.2010 | 115,2MB | 10.0.0.567 |
BlueJ 2.5.0 | Deakin University | 14.12.2008 | 8,80MB | | necessary
Bonjour | Apple Inc. | 02.07.2009 | 3,29MB | 1.0.106 | unknown
Bouml 4.18.2 | Bruno Pagès | 22.02.2010 | 45,7MB | 4.18.2 | necessary
CCleaner | Piriform | 13.10.2010 | 2,96MB | 2.36 | necessary
CDBurnerXP | CDBurnerXP | 27.08.2010 | 16,5MB | 4.3.7.2356 | necessary
Command & Conquer Windows 95 | | 11.03.2010 | 616,6MB | | necessary
Command & Conquer™ Alarmstufe Rot 3 | Electronic Arts | 17.03.2010 | 230,0MB | 1.0.1.0 | necessary
Diner Dash Flo on the Go | Oberon Media | 20.05.2008 | 17,2MB | | unknown
DivX Content Uploader | DivX, Inc. | 22.09.2010 | 96,6MB | 1.2.1 | unknown
DivX Plus DirectShow Filters | DivX, Inc. | 18.05.2010 | 1,22MB | | unknown
DivX-Setup | DivX, Inc. | 22.09.2010 | 2,12MB | 2.0.4.2 | unknown
EVEREST Home Edition v2.20 | Lavalys Inc | 22.05.2010 | 6,58MB | 2.20 | necessary
foobar2000 v0.9.6 | Peter Pawlowski | 31.12.2008 | 6,71MB | 0.9.6 | necessary
Frontschweine | Infogrames | 14.02.2010 | 367,8MB | 1.0 | necessary
GeoGebra | GeoGebra Inc. | 25.05.2009 | 55,9MB | 3.0.0.0 | necessary
Google Chrome | Google Inc. | 12.09.2010 | 245,6MB | 6.0.472.63 | unnecessary
HD Tune 2.55 | EFD Software | 02.03.2009 | 1,27MB | | unknown
HDAUDIO Soft Data Fax Modem with SmartCP | | 24.03.2008 | 1,02MB | | unknown
HdR Die Rückkehr des Königs tm | | 27.09.2010 | 1.984,2MB | | necessary
HP Customer Participation Program 12.0 | HP | 30.09.2009 | 237,0MB | 12.0 | necessary
HP Document Manager 2.0 | HP | 30.09.2009 | 2,28MB | 2.0 | necessary
HP Imaging Device Functions 12.0 | HP | 30.09.2009 | 2,33MB | 12.0 | necessary
HP Officejet 6500 E709 Series | HP | 30.09.2009 | 42,3MB | 12.0 | necessary
HP Smart Web Printing | HP | 30.09.2009 | 8,62MB | 4.05 | necessary
HP Solution Center 12.0 | HP | 30.09.2009 | 2,32MB | 12.0 | necessary
HP Update | Hewlett-Packard | 30.09.2009 | 3,76MB | 4.000.011.006 | necessary
Icy Tower v1.3.1 | Free Lunch Design | 27.03.2009 | 3,91MB | | necessary
Intel(R) Matrix Storage Manager | | 20.05.2008 | 1,79MB | | unknown
Java DB 10.4.1.3 | Sun Microsystems, Inc | 14.12.2008 | 28,0MB | 10.4.1.3 | necessary
Java Media Framework 2.1.1e | | 11.03.2010 | 3,79MB | | necessary
Java(TM) 6 Update 20 | Sun Microsystems, Inc. | 14.12.2008 | 96,9MB | 6.0.200 | necessary
Java(TM) SE Development Kit 6 Update 11 | Sun Microsystems, Inc. | 14.12.2008 | 144,7MB | 1.6.0.110 | necessary
JOE (Java oriented editing) 2.3.25 | | 12.05.2009 | | | necessary
Launch Manager | | 20.05.2008 | 2,34MB | | unknown
League of Legends | | 13.06.2010 | 1.322,5MB | | necessary
Logitech SetPoint | Logitech | 08.02.2010 | 15,0MB | 4.24 | necessary
LogMeIn Hamachi | LogMeIn, Inc. | 05.09.2010 | 2,93MB | 2.0.2.85 | necessary
Malwarebytes' Anti-Malware | Malwarebytes Corporation | 12.10.2010 | 3,90MB | | necessary
Microsoft .NET Framework 3.5 Language Pack - DEU | Microsoft Corporation | 13.06.2010 | 36,5MB | | unknown
Microsoft .NET Framework 3.5 SP1 | Microsoft Corporation | 09.08.2009 | 27,8MB | | unknown
Microsoft Office Home and Student 2007 | Microsoft Corporation | 24.03.2008 | 298,1MB | 12.0.6215.1000 | unknown
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs | Microsoft Corporation | 22.09.2009 | 0,13MB | 12.0.4518.1014 | unknown
Microsoft Silverlight | Microsoft Corporation | 26.06.2010 | 3,11MB | 1.0.20926.0 | unknown
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 08.02.2010 | 2,37MB | 8.0.56336 | unknown
Microsoft Visual C++ 2008 Express Edition - DEU | Microsoft Corporation | 26.06.2010 | 220,5MB | | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 08.01.2010 | 0,58MB | 9.0.30729 | unknown
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework | Microsoft | 26.06.2010 | 5,62MB | 3.5.21022 | unknown
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 | Microsoft Corporation | 26.06.2010 | 2,61MB | 6.1.5288.17011 | unknown
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries | Microsoft Corporation | 26.06.2010 | 115,0MB | 6.1.5288.17011 | unknown
Microsoft Works | Microsoft Corporation | 24.03.2008 | 282,6MB | 08.05.0822 | unknown
MiKTeX 2.8 | MiKTeX.org | 25.02.2010 | 298,4MB | 2.8 | necessary
Mozilla Firefox (3.6.10) | Mozilla | 22.09.2010 | 29,9MB | 3.6.10 (de) | necessary
MSXML 4.0 SP2 (KB936181) | Microsoft Corporation | 12.06.2008 | 1,27MB | 4.20.9848.0 | unknown
MSXML 4.0 SP2 (KB954430) | Microsoft Corporation | 13.11.2008 | 1,28MB | 4.20.9870.0 | unknown
MSXML 4.0 SP2 (KB973688) | Microsoft Corporation | 26.11.2009 | 1,34MB | 4.20.9876.0 | unknown
NetBeans IDE 6.8 | NetBeans.org | 25.02.2010 | 747,3MB | 6.8 | necessary
NTI Backup NOW! 4.7 | NewTech Infosystems | 24.03.2008 | 7,23MB | 1.00.0000 | unknown
NTI CD & DVD-Maker | NewTech Infosystems | 24.03.2008 | 40,1MB | 7 | unknown
NVIDIA Drivers | | 20.05.2008 | | | unknown
OCR Software by I.R.I.S. 12.0 | HP | 30.09.2009 | 2,28MB | 12.0 | unknown
OpenOffice.org 2.4 | OpenOffice.org | 22.08.2008 | 328,0MB | 2.4.9310 | necessary
OpenProj | Serena Software Inc. | 10.11.2009 | 7,15MB | 1.4.0 | necessary
Orion | Convesoft | 12.06.2008 | 9,49MB | 1.0.215 | unknown
Phase 5 HTML-Editor | Systemberatung Schommer | 02.07.2010 | 3,72MB | 5.6.2.3 | necessary
PLT Scheme v4.1.2 | PLT Scheme Inc. | 29.10.2008 | 196,5MB | 4.1.2 | necessary
PowerProducer | CyberLink Corp. | 20.05.2008 | 277,4MB | 4.1.2431 | unknown
Project64 1.6 | Project64 | 26.07.2010 | 3,47MB | 1.6 | necessary
PuTTY version 0.60 | Simon Tatham | 26.06.2010 | 3,25MB | 0.60 |
Realtek High Definition Audio Driver | Realtek Semiconductor Corp. | 24.03.2008 | 15,4MB | 6.0.1.5477 | unknown
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 | | 20.05.2008 | 1,93MB | 3.52.02 | unknown
ScummVM 1.0.0rc1 | | 19.09.2009 | 13,7MB | | necessary
Skype™ 4.2 | Skype Technologies S.A. | 12.09.2010 | 19,5MB | 4.2.187 | necessary
Sun GlassFish Enterprise Server v3 | | 25.02.2010 | 99,7MB | | necessary
TapiRex 1.7.2 | Scendix Software, Inc. | 05.11.2008 | 9,92MB | 1.7.2 | necessary
TeamSpeak 2 RC2 | Dominating Bytes Design | 14.06.2008 | | 2.0.32.60 | necessary
TeamSpeak 3 Client | TeamSpeak Systems GmbH | 13.06.2010 | 37,0MB | | necessary
TeXnicCenter Version 1.0 Stable RC1 | TeXnicCenter.org | 25.02.2010 | 11,8MB | Version 1.0 Stable RC1 | necessary
TortoiseSVN 1.6.7.18415 (32 bit) | TortoiseSVN | 01.03.2010 | 18,4MB | 1.6.18415 | necessary
Tortun 0.8 | Creative Online Consulting Sweden AB | 26.06.2008 | 22,4MB | | necessary
Trillian | Cerulean Studios, LLC | 16.07.2009 | 26,4MB | | necessary
TrueCrypt | TrueCrypt Foundation | 17.03.2010 | 7,38MB | 6.3a | necessary
Turbo Pizza | Oberon Media | 20.05.2008 | 175,4MB | | unknown
Unreal Tournament 2004 | Epic Games | 30.07.2008 | 80,0MB | 1.00.0000 | necessary
Ventrilo Client | Flagship Industries, Inc. | 14.07.2008 | 3,67MB | 3.0.1 | necessary
VLC media player 1.0.3 | VideoLAN Team | 22.09.2010 | 49,5MB | 1.0.3 | necessary
VP Suite 4.1 | Visual Paradigm International Ltd. | 11.11.2009 | 271,1MB | | unknown
Warcraft III | | 26.10.2008 | 1.158,9MB | | necessary
Warcraft III: All Products | | 26.10.2008 | 1.158,9MB | | necessary
WIDCOMM Bluetooth Software 6.0.1.4900 | Broadcom Corporation | 20.05.2008 | 40,8MB | 6.0.1.4900 | unknown
WinCorder | | 17.11.2009 | | | necessary
WinRAR | | 30.06.2008 | 3,66MB | | necessary
WinSCP 4.2.7 | Martin Prikryl | 27.06.2010 | 8,60MB | 4.2.7 | unknown
World of Warcraft | Blizzard Entertainment | 12.10.2010 | 24.536,4MB | 4.0.1.13164 | necessary
Xvid 1.1.3 final uninstall | Xvid team (Koepi) | 24.06.2008 | 0,77MB | 1.1 | unknown |
14.10.2010, 16:44 | #11 |
/// Malware-holic | Antivirus program is actually a virus
OK, here we go. Uninstall:
Acer Arcade Deluxe
Acer Crystal Eye
Acer Crystal Eye webcam
Acer Empowering Technology
Acer ePower Management
Acer ePresentation Management
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Adobe AIR
Uninstall Adobe Reader 8.1.0 and replace it with: Adobe - Download Adobe Reader - All versions. Please do not tick the McAfee Security Scan box.
Then open the Reader: Edit, Preferences, JavaScript, untick the box there; Internet, untick all boxes there as well. That way PDFs are no longer loaded automatically and no malicious code can be slipped to you this way.
Please also move the unnecessary plugins: Start Adobe Reader faster. But keep:
EScript.api
Escript.deu
Search.api
Search.DEU
Uninstall:
AirPort Apple Inc
Apple Software Update
Bonjour
Diner Dash Flo
DivX Content Uploader
DivX Plus DirectShow Filters
DivX-Setup
Google Chrome
HD Tune
HDAUDIO Soft Data Fax Modem
Uninstall all Java versions and update: Download the free Java software.
Uninstall:
Launch Manager
Microsoft Silverlight
OpenOffice.org 2.4: update it, German: OpenOffice.org home page (German).
Uninstall:
Orion Convesoft
PowerProducer
PuTTY version 0.60 (nothing is written after it; if you don't need it, remove it)
Turbo Pizza
VP Suite
Xvid 1.1.3
Let me know when you're done. How is the PC running? |
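A way to verify the steps above after they are done, as an added example that is not part of the thread and not a tool the helper posted: it lists what Programs and Features still knows about, reports leftovers from the uninstall list, and reads the Adobe Reader JavaScript switch. It assumes Windows Vista/7 and Adobe Reader 9.x, whose per-user JavaScript setting is the registry value bEnableJS under HKCU\Software\Adobe\Acrobat Reader\<version>\JSPrefs.

```powershell
# Added example, not from the thread: audit the cleanup steps the helper asked for.
# Assumes Windows Vista/7 and Adobe Reader 9.x; run it as the user who opens PDFs.

# Installed programs as Programs and Features sees them (32-bit and 64-bit views;
# the Wow6432Node key does not exist on a 32-bit Windows, hence SilentlyContinue).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher

# Products the helper wanted removed or replaced. The old Java entries are matched by
# their exact names because a freshly updated Java is expected to reappear.
$removeList = @('Adobe Reader 8', 'Adobe AIR', 'Bonjour', 'Apple Software Update', 'AirPort',
                'Silverlight', 'DivX', 'Xvid', 'Google Chrome', 'PowerProducer', 'Launch Manager',
                'Java(TM) 6 Update 20', 'Java(TM) SE Development Kit 6 Update 11')
$leftovers = $installed | Where-Object {
    $name = $_.DisplayName
    @($removeList | Where-Object { $name -like "*$_*" }).Count -gt 0
}
if ($leftovers) {
    Write-Host 'Still installed (expected to be gone):'
    $leftovers | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
} else {
    Write-Host 'No leftovers from the uninstall list found.'
}

# Adobe Reader JavaScript switch: value bEnableJS (1 = on, 0 = off) under the per-version
# JSPrefs key. A missing value means the default, which is JavaScript enabled.
$readerRoot = 'HKCU:\Software\Adobe\Acrobat Reader'
Get-ChildItem -Path $readerRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $ver = $_.PSChildName
    $js  = Get-ItemProperty -Path "$readerRoot\$ver\JSPrefs" -Name bEnableJS -ErrorAction SilentlyContinue
    if ($js -and $js.bEnableJS -eq 0) {
        Write-Host "Reader $ver : JavaScript disabled (bEnableJS = 0)"
    } else {
        Write-Host "Reader $ver : JavaScript still ENABLED; turn it off under Edit > Preferences > JavaScript"
    }
}
```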
14.10.2010, 18:50 | #12 |
| Antivirus program is actually a virus Oops, there was a second page. I've now uninstalled everything. My PC is now not only virus-free but also runs much better. Thank you very much. |
14.10.2010, 18:57 | #13 |
/// Malware-holic | Antivirus program is actually a virus We still have work to do. Avira: http://www.trojaner-board.de/54192-a...tellungen.html Install Avira 10 this way, or configure it accordingly. Once you have applied the configuration, update the program. Then click "Lokaler Schutz" (local protection), "Lokale Laufwerke" (local drives). Put any findings into quarantine and post the log. |