|
Plagegeister aller Art und deren Bekämpfung: Problem mit ein Trojaner TR/Crypt.XPACK.Gen3Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.02.2011, 10:41 | #1 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Mein Antivir zeigt ständig an, dass ein Trojaner namens TR/Crypt.XPACK.Gen3 gefunden wurde. Er wird dann jedes Mal von mir in Quaratäne geschoben , nachdem ich einige Antvir,Spybot, CC ausgeführt habe erscheint kein virus meldung mehr sondern da kommt jedesmal beim systemstart ein meldung "das profil konnte nicht geöffnet werden" Ich bin mir 100% sicher das da hier noch an mein laptop noch was böses drinn steckt den das Systemstart hat sich auch verschlechtert nach welche vorgang kann ich die probleme lösen ?
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
25.02.2011, 11:34 | #2 |
/// Malware-holic | Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 bitte immer komplette fund meldungen posten.
__________________also avira öffnen ereignisse, fundmeldungen posten. falls es scan berichte mit funden gibt, unter avira reports, scan logs posten. danach: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
25.02.2011, 11:34 | #3 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Diese Meldung kommt nachdem ich das systemneustarte ImageShack® - Online Photo and Video Hosting
__________________das System ist definitiv beschädigt aber wie es beschädigt ist weiß ich es nicht leider
__________________ |
25.02.2011, 11:37 | #4 |
/// Malware-holic | Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 nein ich will die meldungen als text. und lies dann genau welche meldungen ich noch wollte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
25.02.2011, 23:51 | #5 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Hier das OTL EditorOTL Logfile: Code:
ATTFilter OTL logfile created on: 25.02.2011 23:45:40 - Run 1 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\eren\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 390,66 Gb Free Space | 86,30% Space Free | Partition Type: NTFS Computer Name: EREN-PC | User Name: eren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe PRC - [2010.12.10 18:28:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.12.09 09:06:36 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.13 12:56:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2010.06.28 15:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.22 07:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.22 07:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.04.24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.04.24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2008.06.24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe ========== Modules (SafeList) ========== MOD - [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe MOD - [2011.01.04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.11 10:53:39 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.09 09:06:36 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.24 11:07:58 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.07.13 12:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.04.24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2007.12.17 14:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007.01.11 14:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.12.09 11:17:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.12.08 11:53:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2010.12.05 09:23:24 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.21 20:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.04.24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.04.24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.04.24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 11:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1 FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8 FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M] [2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions [2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions [2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org [2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org [2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com [2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod [2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe [2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware [2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware [2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware [2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe [2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe [2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware [2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware [2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe [2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects [2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD} [2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client [2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home [2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero [2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL [2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero [2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92} [2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead [2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu [2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer [2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics [2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS [2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google [2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali [2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea [2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular [2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger [2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A [2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared ========== Files - Modified Within 30 Days ========== [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe [2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip [2011.02.25 23:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job [2011.02.25 23:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk [2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png [2011.02.25 22:10:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.25 22:10:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.25 22:02:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.25 22:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.25 22:02:28 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3 [2011.02.25 11:28:50 | 000,210,305 | ---- | M] () -- C:\Users\eren\Desktop\Profil kan nicht gefunden werden.PNG [2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd [2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini [2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe [2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk [2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar [2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini [2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll [2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll [2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll [2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG [2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk [2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk [2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG ========== Files Created - No Company Name ========== [2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip [2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk [2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png [2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3 [2011.02.25 11:28:50 | 000,210,305 | ---- | C] () -- C:\Users\eren\Desktop\Profil kan nicht gefunden werden.PNG [2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe [2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk [2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd [2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar [2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll [2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG [2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk [2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk [2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG [2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini [2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro [2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite [2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular [2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON [2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger [2011.02.25 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware [2011.02.25 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client [2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak [2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer [2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall [2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP [2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client [2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer [2011.02.25 23:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job [2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.02.2011 23:45:40 - Run 1 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\eren\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 390,66 Gb Free Space | 86,30% Space Free | Partition Type: NTFS Computer Name: EREN-PC | User Name: eren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EPSON Scanner" = EPSON Scan "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "IsoBuster_is1" = IsoBuster 2.8.5 "JDownloader" = JDownloader "LManager" = Launch Manager "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Revo Uninstaller" = Revo Uninstaller 1.91 "SprayR" = SprayR 1.0 RC7b "SystemRequirementsLab" = System Requirements Lab "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.02.2011 06:17:15 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: SSCORE.DLL, Version: 6.1.7600.16385, Zeitstempel: 0x4a5be092 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000170d ID des fehlerhaften Prozesses: 0x1e4 Startzeit der fehlerhaften Anwendung: 0x01cbc9d4b74b7460 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL Berichtskennung: 18838011-35c8-11e0-bf1d-00ff01000001 Error - 13.02.2011 15:59:15 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1670 Startzeit: 01cbcba6b3f6ed9c Endzeit: 75 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: b7e88a74-37ab-11e0-9c43-88ae1d9948ab Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722, Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52, Zeitstempel: 0x4a04abb0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067105 ID des fehlerhaften Prozesses: 0x145c Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll Berichtskennung: 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013257e ID des fehlerhaften Prozesses: 0x13c8 Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7f0 Startzeit: 01cbcf322c244817 Endzeit: 72 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x13f4 Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Ausnahmecode: 0xc0000005 Fehleroffset: 0x00168bb0 ID des fehlerhaften Prozesses: 0xb70 Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf0 Startzeit: 01cbd0923d204fc4 Endzeit: 38 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1494 Startzeit: 01cbd12b2e8e8a5c Endzeit: 68 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: [ System Events ] Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001 Description = Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010 Description = Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren. Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001 Description = Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. < End of report > Hier ist die 2. Log
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
26.02.2011, 00:07 | #6 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Die Founds kan man leider nicht alle aufeinmal kopieren und einfügen kostet viel zeit gibt es kein befehl dafür oder ein stelle wo ich drücken muss damit sie alles kopieren tut ? aber 5 davon werde ich hier reinposten 1.In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 2. In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 3.In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben 4.Die Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49d17a84.qua' verschoben! 5.In der Datei 'C:\Users\eren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRDRITIO\jd9ifkqw9jf_ddttt29j[1].htm' wurde ein Virus oder unerwünschtes Programm 'HTML/Revir.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern So wen du sagst hier poste mir alle das kan ich das auch machen hab sie schonmal so reingefügt vielleicht kan man damit was anfangen. Danke schonmal
__________________ --> Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 |
26.02.2011, 00:53 | #7 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Avira AntiVir Personal Erstellungsdatum der Reportdatei: Samstag, 26. Februar 2011 00:00 Es wird nach 2433480 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : eren Computername : EREN-PC Versionsinformationen: BUILD.DAT : 10.0.0.611 Bytes 14.01.2011 13:28:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 08:06:36 AVSCAN.DLL : 10.0.3.0 56168 Bytes 02.08.2010 15:09:45 LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 08:06:36 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:03:51 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 16:03:53 VBASE003.VDF : 7.11.3.1 2048 Bytes 09.02.2011 16:03:53 VBASE004.VDF : 7.11.3.2 2048 Bytes 09.02.2011 16:03:53 VBASE005.VDF : 7.11.3.3 2048 Bytes 09.02.2011 16:03:53 VBASE006.VDF : 7.11.3.4 2048 Bytes 09.02.2011 16:03:54 VBASE007.VDF : 7.11.3.5 2048 Bytes 09.02.2011 16:03:54 VBASE008.VDF : 7.11.3.6 2048 Bytes 09.02.2011 16:03:54 VBASE009.VDF : 7.11.3.7 2048 Bytes 09.02.2011 16:03:54 VBASE010.VDF : 7.11.3.8 2048 Bytes 09.02.2011 16:03:54 VBASE011.VDF : 7.11.3.9 2048 Bytes 09.02.2011 16:03:54 VBASE012.VDF : 7.11.3.10 2048 Bytes 09.02.2011 16:03:54 VBASE013.VDF : 7.11.3.59 157184 Bytes 14.02.2011 17:14:01 VBASE014.VDF : 7.11.3.97 120320 Bytes 16.02.2011 17:14:01 VBASE015.VDF : 7.11.3.148 128000 Bytes 19.02.2011 20:50:15 VBASE016.VDF : 7.11.3.183 140288 Bytes 22.02.2011 21:09:50 VBASE017.VDF : 7.11.3.216 124416 Bytes 24.02.2011 22:57:52 VBASE018.VDF : 7.11.3.217 2048 Bytes 24.02.2011 22:57:52 VBASE019.VDF : 7.11.3.218 2048 Bytes 24.02.2011 22:57:52 VBASE020.VDF : 7.11.3.219 2048 Bytes 24.02.2011 22:57:52 VBASE021.VDF : 7.11.3.220 2048 Bytes 24.02.2011 22:57:52 VBASE022.VDF : 7.11.3.221 2048 Bytes 24.02.2011 22:57:52 VBASE023.VDF : 7.11.3.222 2048 Bytes 24.02.2011 22:57:52 VBASE024.VDF : 7.11.3.223 2048 Bytes 24.02.2011 22:57:52 VBASE025.VDF : 7.11.3.224 2048 Bytes 24.02.2011 22:57:52 VBASE026.VDF : 7.11.3.225 2048 Bytes 24.02.2011 22:57:52 VBASE027.VDF : 7.11.3.226 2048 Bytes 24.02.2011 22:57:52 VBASE028.VDF : 7.11.3.227 2048 Bytes 24.02.2011 22:57:52 VBASE029.VDF : 7.11.3.228 2048 Bytes 24.02.2011 22:57:52 VBASE030.VDF : 7.11.3.229 2048 Bytes 24.02.2011 22:57:52 VBASE031.VDF : 7.11.3.230 2048 Bytes 24.02.2011 22:57:52 Engineversion : 8.2.4.176 AEVDF.DLL : 8.1.2.1 106868 Bytes 02.08.2010 15:09:30 AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 24.02.2011 22:57:55 AESCN.DLL : 8.1.7.2 127349 Bytes 05.12.2010 08:23:23 AESBX.DLL : 8.1.3.2 254324 Bytes 05.12.2010 08:23:24 AERDL.DLL : 8.1.9.2 635252 Bytes 05.12.2010 08:23:23 AEPACK.DLL : 8.2.4.10 520567 Bytes 24.02.2011 22:57:55 AEOFFICE.DLL : 8.1.1.16 205179 Bytes 01.02.2011 10:41:33 AEHEUR.DLL : 8.1.2.81 3314038 Bytes 24.02.2011 22:57:54 AEHELP.DLL : 8.1.16.1 246134 Bytes 04.02.2011 11:30:11 AEGEN.DLL : 8.1.5.2 397683 Bytes 21.01.2011 15:48:50 AEEMU.DLL : 8.1.3.0 393589 Bytes 05.12.2010 08:23:21 AECORE.DLL : 8.1.19.2 196983 Bytes 21.01.2011 15:48:50 AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:25 AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33 AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:33 AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:26:53 AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:33 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 08:06:36 AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 08:06:36 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:32 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.08.2010 15:09:45 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Manuelle Auswahl Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Q:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Samstag, 26. Februar 2011 00:00 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'OfficeVirt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'cvh.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PmmUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Bootsektor 'Q:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '136' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Acer> C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part [WARNUNG] Die Datei konnte nicht gelesen werden! Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Suche in 'Q:\' Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden! Systemfehler [5]: Zugriff verweigert Ende des Suchlaufs: Samstag, 26. Februar 2011 00:53 Benötigte Zeit: 52:30 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 20415 Verzeichnisse wurden überprüft 384259 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 384259 Dateien ohne Befall 5295 Archive wurden durchsucht 1 Warnungen 0 Hinweise
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
26.02.2011, 10:53 | #8 |
/// Malware-holic | Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 so da das mit dem lesen anscheinend wohl immernoch nicht klappt, üben wir das gleich noch mal. führe otl aus wie beschrieben. steht ja eindeutig da was zu tun ist.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.02.2011, 14:21 | #9 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Ops sorry ich habe das mit Texbox vergessen aber bin grad dabei. poste sofort wen es abgeschlossen ist.
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
26.02.2011, 14:37 | #10 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Hallo ich bins nochmal,OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.02.2011 14:20:38 - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\eren\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS Computer Name: EREN-PC | User Name: eren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EPSON Scanner" = EPSON Scan "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "IsoBuster_is1" = IsoBuster 2.8.5 "JDownloader" = JDownloader "LManager" = Launch Manager "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Revo Uninstaller" = Revo Uninstaller 1.91 "SprayR" = SprayR 1.0 RC7b "SystemRequirementsLab" = System Requirements Lab "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722, Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52, Zeitstempel: 0x4a04abb0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067105 ID des fehlerhaften Prozesses: 0x145c Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll Berichtskennung: 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013257e ID des fehlerhaften Prozesses: 0x13c8 Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7f0 Startzeit: 01cbcf322c244817 Endzeit: 72 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x13f4 Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Ausnahmecode: 0xc0000005 Fehleroffset: 0x00168bb0 ID des fehlerhaften Prozesses: 0xb70 Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf0 Startzeit: 01cbd0923d204fc4 Endzeit: 38 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1494 Startzeit: 01cbd12b2e8e8a5c Endzeit: 68 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 24.02.2011 18:21:21 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1b553a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x1674 Startzeit der fehlerhaften Anwendung: 0x01cbd4710630fe08 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 68269c25-4064-11e0-895a-88ae1d9948ab Error - 24.02.2011 18:22:01 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1b553a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0x01cbd47133f8ded4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 7fc42eca-4064-11e0-895a-88ae1d9948ab [ System Events ] Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001 Description = Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010 Description = Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren. Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001 Description = Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.02.2011 14:20:38 - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\eren\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS Computer Name: EREN-PC | User Name: eren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools) MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1 FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8 FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M] [2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions [2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions [2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org [2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org [2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com [2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod [2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EPSON BX300F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEJE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {324EF666-6162-EB7C-CCD9-902E7CAFF8A8} - Internet Explorer ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A1555D05-7B30-E6D9-A36F-989C041808E7} - Internet Explorer ActiveX: {BE610BFB-BAC9-D822-8375-CEF48B492AAD} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.02.26 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49} [2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe [2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware [2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware [2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware [2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe [2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe [2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware [2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware [2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe [2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects [2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD} [2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client [2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home [2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero [2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL [2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero [2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92} [2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead [2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu [2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer [2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics [2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS [2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google [2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali [2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea [2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular [2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger [2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A [2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared ========== Files - Modified Within 30 Days ========== [2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.26 14:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.26 14:15:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.26 14:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.26 14:14:59 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe [2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip [2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk [2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png [2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3 [2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd [2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini [2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe [2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk [2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar [2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini [2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll [2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll [2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll [2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG [2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk [2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk [2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG ========== Files Created - No Company Name ========== [2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip [2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk [2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png [2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3 [2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe [2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk [2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd [2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar [2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll [2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG [2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk [2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk [2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG [2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini [2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro [2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite [2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular [2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON [2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger [2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware [2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client [2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak [2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer [2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall [2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP [2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client [2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer [2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job [2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.06 22:12:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Adobe [2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro [2010.12.05 09:24:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Avira [2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite [2010.12.14 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DivX [2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular [2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON [2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger [2010.12.05 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Google [2010.12.05 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Identities [2010.12.05 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Intel Corporation [2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware [2010.12.05 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Macromedia [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Media Center Programs [2011.02.24 16:45:33 | 000,000,000 | --SD | M] -- C:\Users\eren\AppData\Roaming\Microsoft [2010.10.12 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Mozilla [2011.02.25 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Nero [2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client [2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak [2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer [2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall [2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP [2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client [2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer [2010.12.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.01.28 01:43:22 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\eren\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010.12.09 10:50:27 | 000,016,384 | ---- | M] () -- C:\Users\eren\AppData\Roaming\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\SKEL\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.Console.EXE < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys [2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\C_20285Z.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85 < End of report >
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
26.02.2011, 14:37 | #11 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Hallo ich bins nochmal,OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.02.2011 14:20:38 - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\eren\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS Computer Name: EREN-PC | User Name: eren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL "EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EPSON Scanner" = EPSON Scan "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "IsoBuster_is1" = IsoBuster 2.8.5 "JDownloader" = JDownloader "LManager" = Launch Manager "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Revo Uninstaller" = Revo Uninstaller 1.91 "SprayR" = SprayR 1.0 RC7b "SystemRequirementsLab" = System Requirements Lab "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722, Zeitstempel: 0x4d0c2f29 Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52, Zeitstempel: 0x4a04abb0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00067105 ID des fehlerhaften Prozesses: 0x145c Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll Berichtskennung: 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Ausnahmecode: 0xc0000005 Fehleroffset: 0x0013257e ID des fehlerhaften Prozesses: 0x13c8 Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7f0 Startzeit: 01cbcf322c244817 Endzeit: 72 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x13f4 Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712, Zeitstempel: 0x3981d1df Ausnahmecode: 0xc0000005 Fehleroffset: 0x00168bb0 ID des fehlerhaften Prozesses: 0xb70 Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf0 Startzeit: 01cbd0923d204fc4 Endzeit: 38 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002 Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1494 Startzeit: 01cbd12b2e8e8a5c Endzeit: 68 Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe Berichts-ID: Error - 24.02.2011 18:21:21 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1b553a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x1674 Startzeit der fehlerhaften Anwendung: 0x01cbd4710630fe08 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 68269c25-4064-11e0-895a-88ae1d9948ab Error - 24.02.2011 18:22:01 | Computer Name = eren-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1b553a Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe0434352 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0x01cbd47133f8ded4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 7fc42eca-4064-11e0-895a-88ae1d9948ab [ System Events ] Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001 Description = Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010 Description = Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren. Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001 Description = Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.02.2011 14:20:38 - Run 2 OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\eren\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS Computer Name: EREN-PC | User Name: eren | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools) MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1 FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8 FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M] [2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions [2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions [2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8} [2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org [2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org [2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com [2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de [2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod [2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EPSON BX300F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEJE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {324EF666-6162-EB7C-CCD9-902E7CAFF8A8} - Internet Explorer ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A1555D05-7B30-E6D9-A36F-989C041808E7} - Internet Explorer ActiveX: {BE610BFB-BAC9-D822-8375-CEF48B492AAD} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.02.26 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49} [2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe [2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware [2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware [2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware [2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe [2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe [2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware [2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware [2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe [2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects [2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD} [2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client [2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home [2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero [2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL [2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero [2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92} [2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead [2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu [2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer [2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics [2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS [2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google [2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali [2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea [2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader [2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular [2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger [2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys [2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A [2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared ========== Files - Modified Within 30 Days ========== [2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.26 14:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.26 14:15:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.26 14:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.26 14:14:59 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe [2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip [2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk [2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll [2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png [2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3 [2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd [2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini [2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe [2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk [2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar [2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini [2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll [2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll [2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll [2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG [2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk [2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk [2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG ========== Files Created - No Company Name ========== [2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip [2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk [2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png [2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3 [2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe [2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk [2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd [2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar [2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll [2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG [2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk [2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk [2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk [2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG [2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini [2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro [2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite [2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular [2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON [2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger [2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware [2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client [2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak [2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer [2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall [2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP [2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client [2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer [2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job [2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.06 22:12:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Adobe [2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro [2010.12.05 09:24:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Avira [2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite [2010.12.14 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DivX [2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular [2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON [2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger [2010.12.05 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Google [2010.12.05 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Identities [2010.12.05 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Intel Corporation [2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware [2010.12.05 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Macromedia [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Media Center Programs [2011.02.24 16:45:33 | 000,000,000 | --SD | M] -- C:\Users\eren\AppData\Roaming\Microsoft [2010.10.12 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Mozilla [2011.02.25 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Nero [2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client [2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak [2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer [2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall [2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP [2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client [2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer [2010.12.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.01.28 01:43:22 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\eren\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010.12.09 10:50:27 | 000,016,384 | ---- | M] () -- C:\Users\eren\AppData\Roaming\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\SKEL\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.Console.EXE < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys [2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\C_20285Z.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85 < End of report >
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
26.02.2011, 14:58 | #12 |
/// Malware-holic | Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 wunderbar. download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.02.2011, 15:18 | #13 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 du sagtest eben wunderbar darf vielleicht auch wissen was eigentlich passiert ist ? *alderdings mach ich das mit Malwarebytes komme gleich cucu"
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
26.02.2011, 15:35 | #14 |
/// Malware-holic | Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 ich meinte wunderbar das es mit dem log geklappt hatt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
26.02.2011, 15:56 | #15 |
| Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 5883 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26.02.2011 15:56:18 mbam-log-2011-02-26 (15-56-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Durchsuchte Objekte: 281527 Laufzeit: 35 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und entfernt.
__________________ [Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz |
Themen zu Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 |
100%, antivir, antvir, ausgeführt, böses, erschein, gefunde, html/revir.gen, jedesmal, konnte, laptop, meldung, problem, spybot, systems, systemstart, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen3, tr/pirminay.clx, trojan.fakealert, trojaner, trojaner tr/crypt.xpack.gen, virus, virus meldung, vorgang |