Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen3

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
12.03.2011, 00:25 | #1 |
TR/Crypt.XPACK.Gen3

Hi there.... I also have a problem with "TR/Crypt.XPACK.Gen3"; my Avira is telling me that I have caught something too. I don't know much about this, but I took the time to read around the forum a bit and realized this is the right place. I have already run the Malwarebytes program and the OTL system scan... man, my head hurts.

Here is the message from Avira:

Die Datei 'C:\Users\Kay\AppData\Local\Temp\jkkheb.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48a8011d.qua' verschoben!

Here are the OTL files:

OTL Extras logfile created on: 11.03.2011 23:45:51 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 109,19 Gb Total Space | 39,69 Gb Free Space | 36,35% Space Free | Partition Type: NTFS Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0997051B-6242-4D29-8087-5DE5D075D267}" = rport=138 | protocol=17 | dir=out | app=system | "{1F7B12D1-2CEB-4DC2-931D-A3E7F969BF48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{281568E5-2B01-4292-9E90-6ABE1DA3008A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2936B9F2-6421-45C4-A2CC-423CA8420590}" = lport=137 | protocol=17 | dir=in | app=system | "{33772836-517D-4C04-A1D9-81C6D773F48F}" = rport=445 | protocol=6 | dir=out | app=system | "{579C7702-C5DD-4454-A537-1487F4A4AD75}" = rport=139 | protocol=6 | dir=out | app=system | "{674606E0-CF3B-4DFD-A5AC-FA49588B3A37}" = lport=138 | protocol=17 | dir=in | app=system | "{6E27FB57-4D8E-4B6A-BEB8-BAAFA428F0C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7497BCA1-589A-438C-AD93-1726D6CFC71D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7CD0DB40-B06A-427F-9E77-CD0E5A052D3A}" = lport=2869 | protocol=6 | dir=in | app=system | "{7FAA178D-98F8-4910-8B86-8B92368C78DD}" = rport=10243 | protocol=6 | dir=out | app=system | "{80943857-A802-4F43-9A43-CFCF35C9621E}" = lport=139 | protocol=6 | dir=in | app=system | "{828057CE-05FE-42DE-99B1-A96A879BC26A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E23D99D-25F3-4C45-8D82-F1B60B95CC73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{962676DB-4B5D-4BAF-844F-90C254A79203}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9D75D204-0005-41E5-B9E1-DA18EBC382D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B5601ACB-7977-4DFE-8695-DE1911492995}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C32ECFAE-0DD2-4A0C-A69D-A27DE246CC42}" = lport=10243 | protocol=6 | dir=in | app=system | "{C91111C3-92BD-4F84-B5E6-0544C8692E18}" = lport=2869 | protocol=6 | dir=in | app=system | "{CF8B5008-0900-4406-905B-B5C8BB9F82E6}" = lport=445 | protocol=6 | dir=in | app=system | "{F718E3FC-4D29-438E-B26E-2322440440E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F7E598CD-6538-4EA2-85F9-45D48F7562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FEDAE504-4D07-42E6-88FB-CE7581B42F99}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04EE51B8-A735-4E6E-9F4D-B139B342B798}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{072723F4-9127-4452-8360-4BFEFF2DFF33}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{116A830A-D020-4D63-B666-D1E564510058}" = protocol=6 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | "{128D4230-8DC2-4758-8D6C-E85215EC84B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{20098CB2-6EC4-4B2E-B1D6-296FE7D83060}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2AAB555C-9A68-4E69-AEC2-A96E2BB60D0F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3014177A-3449-47A0-BCCF-0D0592514ECF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{34DF5A76-F01E-4F0A-B29D-894DFF8A1A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37D1BFB5-86B2-4CBB-9919-BFC568051CF8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3DC450DA-B9FA-4764-B2EA-F55A95223A0E}" = protocol=6 | 
dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3E14BB6E-3682-417F-84BF-E806DB3E1A44}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3FA88C91-F072-4FBC-B5EC-3B2DBD1FA7AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3FCB5AE7-09D0-4A8F-9E10-538F1E57BBAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4146681E-11E0-4177-8212-2D73E4A60A1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4491238A-3850-4FE0-8AB5-A098B19D43F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48837EC7-9128-417D-8130-D15FF6B97C40}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{56AB5851-47F2-4EAD-9B8B-F92A975109D7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5708650B-93B2-4EBB-A746-A511646E7818}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5A1B7D1F-95AD-46CD-AF7F-62399525E4CF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5B9F157B-FE41-420C-ACC4-80D0CA7EDAA8}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5DD128C5-72CB-4214-BDAC-4A7569D0CBC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5EAAF6FC-E1A4-4CBD-82F6-E2BEE7ED9B64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5F0D5E1E-CD2C-4FFF-AFFA-9A6E4AE20260}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6F1D632C-C842-4BCC-98DC-7B3BB698DFA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{82DAD9D6-4EBA-473E-8A68-BE7E19E0ED09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8AC253EF-2477-4127-B1E0-E91FB3B29919}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B63EF71-4AC9-4DC5-87DC-0FE02FC11B43}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | "{8BDD2911-7D6C-4B6E-A0B3-605AA6A12CCA}" = protocol=17 | dir=in | 
app=c:\program files\bonjour\mdnsresponder.exe | "{9C506EF2-2387-43E4-B91C-4D614776CF9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9CBAF7FB-23BD-40E4-BF66-D4A94726DEA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9FCC3E62-7102-4CCA-A40B-A8A6FAC5C9E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A19FFC8F-3498-4565-BB75-7848280F52E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | "{A8A13160-70AE-446D-ACC9-500865B17514}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | "{AA018E60-B4E0-4056-A4CA-C0A2A7D7A8D0}" = protocol=17 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | "{B2129303-F439-43B7-A898-1DB92BFE13B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{C1537E89-F7BA-48BB-99AD-86A97C178555}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C308FE1E-F736-4D68-828C-47ADF5D2EC10}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C542A1B6-70ED-4EF4-8FC2-8EC1083083C6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{CC01D276-ABE9-4B32-A963-F2A809A4EBCB}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{CF8DFE59-ED84-4915-B625-A303B7DAFF8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D2F57522-ABB8-4CCD-92B4-9991D47ED470}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D634A6D0-087F-4BD0-A3C4-151AF8C01FCD}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | "{DBA9BC6D-4637-4393-8DE1-BD9CDA217E72}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E0DCBF8A-8EE2-4454-949E-B9B8F5A955D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E2319906-F246-4CEE-966E-B00F6046F30C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{E2C30BB0-AF80-4AF1-A36F-717AB2FAE6E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2D217DF-0F16-4ABC-935D-38611FDF23BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E3217537-631B-4280-80C0-678DBE62A61F}" = protocol=6 | dir=out | app=system | "{FB7D267C-705E-4419-AC69-CAFCA109CFAF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{4CCBEF83-A1BE-4B0E-AF1D-A77F065F3140}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{ED032D03-25AD-452A-A4FE-CC62129AEA71}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{235E349C-74FB-488D-933A-35311ACEAC81}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{BD7EDC30-EFBA-4D8B-8988-EB8E3E8E07C3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources 
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = 
Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9509674F-3972-11DE-806D-005056806466}" = Google Earth "{95120000-00B9-0409-0000-0000000FF1CE}" = 
Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = 
Broadcom Gigabit Integrated Controller "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.4.7.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.03.2011 16:54:45 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =
Error - 11.03.2011 16:54:45 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =
Error - 11.03.2011 16:54:54 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =
Error - 11.03.2011 16:57:32 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 16:57:33 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 57908
Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57908
Error - 11.03.2011 18:36:57 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.03.2011 09:33:54 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 09:33:59 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.03.2011 09:34:18 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =
Error - 11.03.2011 16:33:12 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 16:33:22 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.03.2011 16:33:39 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =
Error - 11.03.2011 16:57:36 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 16:57:37 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 18:37:01 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >
__________
OTL logfile created on: 11.03.2011 23:45:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,69 Gb Free Space | 36,35% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS

Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kay\Videos\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Users\Kay\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - C:\Users\Kay\Videos\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.31 19:14:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.03 22:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.03 22:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 20:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 20:37:42 | 000,000,000 | ---D | M]

[2009.04.17 13:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions
[2011.03.11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions
[2010.04.27 15:03:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.09 13:51:05 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\firefox@tvunetworks.com
[2011.03.11 14:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-1.xml
[2009.08.23 11:07:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-2.xml
[2009.09.14 16:50:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-3.xml
[2009.10.29 21:22:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-4.xml
[2010.02.04 09:42:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-5.xml
[2009.08.02 19:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin.xml
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.27 23:45:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.03 22:47:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video> -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.02.03 22:47:51 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.10.20 14:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.14 08:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.05 00:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.10.09 12:30:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.09 12:30:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.06 19:15:49 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.09 12:30:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.09 12:30:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.09 12:30:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.11 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Malwarebytes
[2011.03.11 23:11:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 23:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.11 23:11:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.10 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\vlc
[2011.03.10 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.09 14:51:47 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 14:51:47 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 14:51:47 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 14:51:47 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 22:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.05 22:04:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.05 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.05 21:33:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.05 21:33:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.05 21:28:44 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.02.27 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik neu
[2011.02.24 06:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 06:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 06:29:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 06:29:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 06:29:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 06:28:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 06:28:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 06:28:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 06:28:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 06:28:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 06:28:41 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 06:28:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 06:28:41 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 06:28:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 06:28:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik
[2011.02.15 06:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\party
[2009.07.02 09:33:10 | 401,192,504 | ---- | C] (Nero AG) -- C:\Users\Kay\AppData\Roaming\Nero-9.4.13.2b_trial.exe
[2009.04.17 12:57:06 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009.04.17 12:54:52 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.04.17 12:54:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.03.25 21:59:55 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.11 23:37:22 | 000,084,091 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\nvModes.001
[2011.03.11 23:36:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 23:36:34 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 23:34:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.11 23:33:41 | 000,002,631 | ---- | M] () -- C:\Users\Kay\Desktop\Microsoft Office Word 2007.lnk
[2011.03.11 23:11:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 22:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job
[2011.03.11 06:56:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 06:56:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 06:56:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 06:56:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.10 21:01:59 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | M] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 18:55:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job
[2011.02.22 00:41:08 | 000,007,592 | ---- | M] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2011.02.20 18:20:42 | 000,137,216 | ---- | M] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.10 07:20:32 | 000,313,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.11 23:11:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.10 21:01:59 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.24 06:28:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 06:28:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.24 06:28:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.09.03 18:55:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.12 07:18:42 | 000,185,496 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010.07.12 07:18:42 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010.07.11 12:15:03 | 000,185,117 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010.07.11 12:15:03 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2009.08.23 10:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.23 10:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 00:19:19 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.03 00:19:19 | 000,022,328 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\PnkBstrK.sys
[2009.08.03 00:19:05 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.03 00:19:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.03 00:19:03 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.27 23:28:59 | 000,000,012 | ---- | C] () --
C:\Windows\bthservsdp.dat [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.06.08 15:07:58 | 000,007,592 | ---- | C] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat [2009.06.01 12:13:31 | 000,000,334 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wklnhst.dat [2009.05.22 22:12:12 | 000,031,007 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\UserTile.png [2009.04.23 07:22:20 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat [2009.04.18 09:26:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.17 14:20:57 | 000,137,216 | ---- | C] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.17 14:16:28 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.001 [2009.04.17 14:16:26 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.dat [2009.04.17 13:43:55 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009.04.17 12:57:06 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2009.04.15 19:56:39 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2009.04.15 19:56:10 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2009.04.15 11:01:25 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009.04.15 11:01:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini [2008.03.25 21:59:55 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- 
C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,313,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.# [2009.04.17 14:27:34 | 000,000,000 | ---D | M] -- 
C:\Users\Kay\AppData\Roaming\Acer [2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer GameZone Console [2010.08.31 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Bytemobile [2009.04.21 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\FloodLightGames [2009.05.12 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gaijin Ent [2011.01.29 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gutscheinmieze [2011.03.10 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\ICQ [2009.04.20 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\iWin [2011.01.29 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Local [2009.10.20 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\OpenOffice.org [2009.06.01 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Template [2009.08.27 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone [2010.08.31 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone Mobile Connect [2011.03.11 23:34:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 101 bytes -> 
C:\ProgramData\TEMP:8AB6C1D7 < End of report > I hope someone can help me; I have absolutely no idea what all of this means, probably only experts can make sense of it.. Regards, Kay, thanks in advance... |
12.03.2011, 12:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Hi,
1. Please post all logs from Malwarebytes.
2. Please also submit the other OTL log; you only posted the Extras.
|
13.03.2011, 14:17 | #3 |
| TR/Crypt.XPACK.Gen3 Hi cosinus... I think it's really great that I got an answer so quickly...
Re 1.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6027
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
11.03.2011 23:33:01
mbam-log-2011-03-11 (23-33-01).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173068
Laufzeit: 7 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmllllaudio (Trojan.Agent) -> Value: pmllllaudio -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssromnsys (Trojan.Agent) -> Value: ssromnsys -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Kay\AppData\Local\Temp\jkkheb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
Re 2. OTL logfile: Code:
ATTFilter OTL logfile created on: 13.03.2011 14:11:32 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 109,19 Gb Total Space | 39,59 Gb Free Space | 36,26% Space Free | Partition Type: NTFS Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.13 14:10:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Videos\OTL(2).exe PRC - [2011.03.05 20:37:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.01.17 12:34:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.17 12:34:39 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.17 12:34:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.04.17 12:33:50 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Kay\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2008.03.24 18:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.02.25 17:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.02.25 17:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.01.24 03:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.24 03:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2008.01.22 10:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) 
-- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe PRC - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.11.22 09:01:00 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.11.22 09:01:00 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.10.10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.09.28 18:18:24 | 000,233,472 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.09.06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.05.16 08:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.05.16 08:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe ========== Modules (SafeList) ========== MOD - [2011.03.13 14:10:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Videos\OTL(2).exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.17 12:34:39 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.01.17 12:34:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.02.25 17:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.11.22 09:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.09.28 18:18:24 | 000,233,472 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) ========== Driver Services (SafeList) ========== DRV - [2011.01.17 12:34:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.01.17 12:34:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 16:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2008.03.11 03:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.15 16:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.24 03:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2008.01.24 03:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2008.01.04 16:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2007.12.28 01:21:30 | 000,026,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310) DRV - [2007.12.28 01:21:24 | 000,042,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap) DRV - [2007.10.31 03:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.03 09:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) 
[Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007.06.12 09:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.31 19:14:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program 
Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.03 22:47:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.03 22:47:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 20:37:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 20:37:42 | 000,000,000 | ---D | M] [2009.04.17 13:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions [2011.03.11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions [2010.04.27 15:03:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.09 13:51:05 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\firefox@tvunetworks.com [2011.03.11 14:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-1.xml [2009.08.23 11:07:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-2.xml [2009.09.14 16:50:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-3.xml [2009.10.29 21:22:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-4.xml [2010.02.04 09:42:20 | 000,000,950 | ---- | M] () -- 
C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-5.xml [2009.08.02 19:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin.xml [2011.03.05 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.06.27 23:45:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.03 22:47:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.02.03 22:47:51 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2009.10.20 14:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.12.14 08:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.05 00:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- 
C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.10.09 12:30:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.09 12:30:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.06 19:15:49 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src [2010.10.09 12:30:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.09 12:30:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.09 12:30:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) 
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows 
Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun O33 - 
MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command 
- "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.11 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Malwarebytes [2011.03.11 23:11:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.11 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.11 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.11 23:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.11 23:11:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.10 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\vlc [2011.03.10 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.03.09 14:51:47 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 14:51:47 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll 
[2011.03.09 14:51:47 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 14:51:47 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.05 22:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.03.05 22:04:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.03.05 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.03.05 21:33:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.03.05 21:33:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.03.05 21:28:44 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.02.27 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik neu [2011.02.24 06:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.24 06:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.24 06:29:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.24 06:29:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.24 06:29:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.24 06:28:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.24 06:28:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.24 06:28:54 | 000,056,320 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.24 06:28:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.24 06:28:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.24 06:28:41 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.24 06:28:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.24 06:28:41 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.02.24 06:28:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.24 06:28:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll [2011.02.16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik [2011.02.15 06:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\party [2009.07.02 09:33:10 | 401,192,504 | ---- | C] (Nero AG) -- C:\Users\Kay\AppData\Roaming\Nero-9.4.13.2b_trial.exe [2009.04.17 12:57:06 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2009.04.17 12:54:52 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.04.17 12:54:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2008.03.25 21:59:55 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.13 13:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job [2011.03.13 13:18:25 | 000,084,091 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\nvModes.001 [2011.03.13 13:18:05 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.13 13:18:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.13 13:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.13 13:17:57 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys [2011.03.12 22:30:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.12 18:55:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job [2011.03.11 23:33:41 | 000,002,631 | ---- | M] () -- C:\Users\Kay\Desktop\Microsoft Office Word 2007.lnk [2011.03.11 23:11:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.11 06:56:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.11 06:56:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.11 06:56:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.11 06:56:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.10 21:01:59 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.03.06 17:12:53 | 000,028,672 | ---- | M] () -- C:\Windows\System32\msxml6rd.dll [2011.03.05 21:34:14 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.02.22 00:41:08 | 000,007,592 | ---- | M] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat [2011.02.20 18:20:42 | 000,137,216 | ---- | M] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) 
-- C:\Windows\System32\usbaaplrc.dll [1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.11 23:11:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.10 21:01:59 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll [2011.03.05 21:34:14 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.02.24 06:28:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.24 06:28:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.02.24 06:28:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2010.09.03 18:55:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.07.12 07:18:42 | 000,185,496 | ---- | C] () -- C:\Windows\hpoins29.dat.temp [2010.07.12 07:18:42 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp [2010.07.11 12:15:03 | 000,185,117 | ---- | C] () -- C:\Windows\hpoins29.dat [2010.07.11 12:15:03 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat [2009.08.23 10:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.23 10:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 00:19:19 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.08.03 00:19:19 | 000,022,328 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\PnkBstrK.sys [2009.08.03 00:19:05 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.08.03 00:19:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.08.03 00:19:03 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2009.06.27 23:28:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- 
C:\ProgramData\DeviceManager.xml.rc4 [2009.06.08 15:07:58 | 000,007,592 | ---- | C] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat [2009.06.01 12:13:31 | 000,000,334 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wklnhst.dat [2009.05.22 22:12:12 | 000,031,007 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\UserTile.png [2009.04.23 07:22:20 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat [2009.04.18 09:26:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.17 14:20:57 | 000,137,216 | ---- | C] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.17 14:16:28 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.001 [2009.04.17 14:16:26 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.dat [2009.04.17 13:43:55 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009.04.17 12:57:06 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2009.04.15 19:56:39 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2009.04.15 19:56:10 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2009.04.15 11:01:25 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009.04.15 11:01:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini [2008.03.25 21:59:55 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- 
C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,313,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.# [2009.04.17 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer [2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- 
C:\Users\Kay\AppData\Roaming\Acer GameZone Console
[2010.08.31 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Bytemobile
[2009.04.21 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\FloodLightGames
[2009.05.12 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gaijin Ent
[2011.01.29 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gutscheinmieze
[2011.03.10 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\ICQ
[2009.04.20 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\iWin
[2011.01.29 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Local
[2009.10.20 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\OpenOffice.org
[2009.06.01 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Template
[2009.08.27 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone
[2010.08.31 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone Mobile Connect
[2011.03.12 22:30:16 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7
< End of report >

OTL Logfile:

OTL Extras logfile created on: 13.03.2011 14:11:32 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,59 Gb Free Space | 36,26% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0997051B-6242-4D29-8087-5DE5D075D267}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F7B12D1-2CEB-4DC2-931D-A3E7F969BF48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{281568E5-2B01-4292-9E90-6ABE1DA3008A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2936B9F2-6421-45C4-A2CC-423CA8420590}" = lport=137 | protocol=17 | dir=in | app=system |
"{33772836-517D-4C04-A1D9-81C6D773F48F}" = rport=445 | protocol=6 | dir=out | app=system |
"{579C7702-C5DD-4454-A537-1487F4A4AD75}" = rport=139 | protocol=6 | dir=out | app=system |
"{674606E0-CF3B-4DFD-A5AC-FA49588B3A37}" = lport=138 | protocol=17 | dir=in | app=system |
"{6E27FB57-4D8E-4B6A-BEB8-BAAFA428F0C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7497BCA1-589A-438C-AD93-1726D6CFC71D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7CD0DB40-B06A-427F-9E77-CD0E5A052D3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FAA178D-98F8-4910-8B86-8B92368C78DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{80943857-A802-4F43-9A43-CFCF35C9621E}" = lport=139 | protocol=6 | dir=in
| app=system | "{828057CE-05FE-42DE-99B1-A96A879BC26A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E23D99D-25F3-4C45-8D82-F1B60B95CC73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{962676DB-4B5D-4BAF-844F-90C254A79203}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9D75D204-0005-41E5-B9E1-DA18EBC382D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B5601ACB-7977-4DFE-8695-DE1911492995}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C32ECFAE-0DD2-4A0C-A69D-A27DE246CC42}" = lport=10243 | protocol=6 | dir=in | app=system | "{C91111C3-92BD-4F84-B5E6-0544C8692E18}" = lport=2869 | protocol=6 | dir=in | app=system | "{CF8B5008-0900-4406-905B-B5C8BB9F82E6}" = lport=445 | protocol=6 | dir=in | app=system | "{F718E3FC-4D29-438E-B26E-2322440440E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F7E598CD-6538-4EA2-85F9-45D48F7562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FEDAE504-4D07-42E6-88FB-CE7581B42F99}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04EE51B8-A735-4E6E-9F4D-B139B342B798}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{072723F4-9127-4452-8360-4BFEFF2DFF33}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{116A830A-D020-4D63-B666-D1E564510058}" = protocol=6 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | "{128D4230-8DC2-4758-8D6C-E85215EC84B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{20098CB2-6EC4-4B2E-B1D6-296FE7D83060}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2AAB555C-9A68-4E69-AEC2-A96E2BB60D0F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3014177A-3449-47A0-BCCF-0D0592514ECF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{34DF5A76-F01E-4F0A-B29D-894DFF8A1A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37D1BFB5-86B2-4CBB-9919-BFC568051CF8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3DC450DA-B9FA-4764-B2EA-F55A95223A0E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3E14BB6E-3682-417F-84BF-E806DB3E1A44}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3FA88C91-F072-4FBC-B5EC-3B2DBD1FA7AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3FCB5AE7-09D0-4A8F-9E10-538F1E57BBAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4146681E-11E0-4177-8212-2D73E4A60A1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4491238A-3850-4FE0-8AB5-A098B19D43F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48837EC7-9128-417D-8130-D15FF6B97C40}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{56AB5851-47F2-4EAD-9B8B-F92A975109D7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5708650B-93B2-4EBB-A746-A511646E7818}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5A1B7D1F-95AD-46CD-AF7F-62399525E4CF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5B9F157B-FE41-420C-ACC4-80D0CA7EDAA8}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5DD128C5-72CB-4214-BDAC-4A7569D0CBC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5EAAF6FC-E1A4-4CBD-82F6-E2BEE7ED9B64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F0D5E1E-CD2C-4FFF-AFFA-9A6E4AE20260}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6F1D632C-C842-4BCC-98DC-7B3BB698DFA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{82DAD9D6-4EBA-473E-8A68-BE7E19E0ED09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8AC253EF-2477-4127-B1E0-E91FB3B29919}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B63EF71-4AC9-4DC5-87DC-0FE02FC11B43}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | "{8BDD2911-7D6C-4B6E-A0B3-605AA6A12CCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9C506EF2-2387-43E4-B91C-4D614776CF9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9CBAF7FB-23BD-40E4-BF66-D4A94726DEA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9FCC3E62-7102-4CCA-A40B-A8A6FAC5C9E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A19FFC8F-3498-4565-BB75-7848280F52E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | "{A8A13160-70AE-446D-ACC9-500865B17514}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | "{AA018E60-B4E0-4056-A4CA-C0A2A7D7A8D0}" = protocol=17 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | "{B2129303-F439-43B7-A898-1DB92BFE13B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{C1537E89-F7BA-48BB-99AD-86A97C178555}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C308FE1E-F736-4D68-828C-47ADF5D2EC10}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C542A1B6-70ED-4EF4-8FC2-8EC1083083C6}" = protocol=17 | dir=in | app=c:\program 
files\icq7.0\aolload.exe | "{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{CC01D276-ABE9-4B32-A963-F2A809A4EBCB}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{CF8DFE59-ED84-4915-B625-A303B7DAFF8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D2F57522-ABB8-4CCD-92B4-9991D47ED470}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D634A6D0-087F-4BD0-A3C4-151AF8C01FCD}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | "{DBA9BC6D-4637-4393-8DE1-BD9CDA217E72}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E0DCBF8A-8EE2-4454-949E-B9B8F5A955D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E2319906-F246-4CEE-966E-B00F6046F30C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{E2C30BB0-AF80-4AF1-A36F-717AB2FAE6E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2D217DF-0F16-4ABC-935D-38611FDF23BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E3217537-631B-4280-80C0-678DBE62A61F}" = protocol=6 | dir=out | app=system | "{FB7D267C-705E-4419-AC69-CAFCA109CFAF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{4CCBEF83-A1BE-4B0E-AF1D-A77F065F3140}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{ED032D03-25AD-452A-A4FE-CC62129AEA71}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query 
User{235E349C-74FB-488D-933A-35311ACEAC81}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{BD7EDC30-EFBA-4D8B-8988-EB8E3E8E07C3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9509674F-3972-11DE-806D-005056806466}" = Google Earth "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" 
= Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 
Driver "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7 "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McDonald's Fairies " = McDonald's Fairies "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "NVIDIA Drivers" = NVIDIA Drivers "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "ratDVD" = ratDVD 0.78.1444 "RealPlayer 6.0" = RealPlayer "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVUPlayer" = TVUPlayer 2.4.7.2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! 
Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.03.2011 11:42:32 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 501059 Error - 12.03.2011 13:47:42 | Computer Name = Kay-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.03.2011 13:47:43 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10 Description = Error - 12.03.2011 15:37:32 | Computer Name = Kay-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.03.2011 15:37:33 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10 Description = Error - 12.03.2011 16:08:57 | Computer Name = Kay-PC | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 12.03.2011 16:40:46 | Computer Name = Kay-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 12.03.2011 16:40:47 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2011 08:18:54 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2011 08:19:03 | Computer Name = Kay-PC | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 12.03.2011 13:47:45 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026 Description = Error - 12.03.2011 15:37:33 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.03.2011 15:37:34 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026 Description = Error - 12.03.2011 15:37:42 | Computer Name = Kay-PC | Source = bowser | ID = 8003 Description = Error - 12.03.2011 16:40:47 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000 Description = Error - 12.03.2011 16:40:47 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026 Description = Error - 12.03.2011 16:40:48 | Computer Name = Kay-PC | Source = bowser | ID = 8003 
Description = Error - 13.03.2011 08:18:54 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000 Description = Error - 13.03.2011 08:19:04 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026 Description = Error - 13.03.2011 08:23:15 | Computer Name = Kay-PC | Source = bowser | ID = 8003 Description = < End of report >
I hope you can help me with this....... Regards, Kay |
13.03.2011, 14:28 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Quote:
Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
__________________ Please always post log files in CODE tags |
13.03.2011, 19:20 | #5 |
| TR/Crypt.XPACK.Gen3 Hey Arne... here is the full scan report...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Datenbank Version: 6042
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
13.03.2011 17:53:05
mbam-log-2011-03-13 (17-53-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327169
Laufzeit: 1 Stunde(n), 14 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
Question: Does this mean I have no infected objects and everything is fine on my end? Regards, Kay |
13.03.2011, 19:25 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Are there any further logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.
13.03.2011, 19:50 | #7 |
| TR/Crypt.XPACK.Gen3 Hey Arne... here is the full scan report...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Datenbank Version: 6042
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
13.03.2011 17:53:05
mbam-log-2011-03-13 (17-53-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327169
Laufzeit: 1 Stunde(n), 14 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
Question: Does this mean I have no infected objects and everything is fine on my end? Regards, Kay |
14.03.2011, 09:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe 
/checkApplicationPresence O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence [2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- 
C:\Windows\System32\msxml6rd.dll [2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.# @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7 :Commands [purity] [resethosts] [emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
14.03.2011, 14:10 | #9 |
| TR/Crypt.XPACK.Gen3 Hi Arne... everything worked as described... Here is the file...
All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878e8805-4af7-11de-a086-001b24d1914f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878e8805-4af7-11de-a086-001b24d1914f}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found. 
File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. C:\Windows\System32\msxml6rd.dll moved successfully. C:\Users\Kay\AppData\Roaming\.# folder moved successfully. ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully. ADS C:\ProgramData\TEMP:8173A019 deleted successfully. ADS C:\ProgramData\TEMP:9F683177 deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully. ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully. ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully. ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully. ADS C:\ProgramData\TEMP:793F316E deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes User: Journal User: Kay ->Temp folder emptied: 5693458152 bytes ->Java cache emptied: 58219663 bytes ->FireFox cache emptied: 70657779 bytes ->Google Chrome cache emptied: 8331582 bytes ->Apple Safari cache emptied: 3681280 bytes ->Flash cache emptied: 189538 bytes User: Public User: RegBack User: systemprofile User: TxR %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 36184601 bytes RecycleBin emptied: 230069 bytes Total Files Cleaned = 5.599,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03142011_140320 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
I hope that is what you mean... Regards, Kay |
14.03.2011, 14:13 | #10 |
| TR/Crypt.XPACK.Gen3 Is there anything else to do now??? |
14.03.2011, 14:22 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when an expert helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
18.03.2011, 07:01 | #12 |
| TR/Crypt.XPACK.Gen3 Hello Cosinus, so the problem has not come back so far... I ran another scan and now Avira tells me... "no detections" hmmm... I think the problem was resolved by the fix with Malwarebytes.... but thank you anyway for your help.. great that it all went so quickly... I can only recommend it. Regards, Kay |
18.03.2011, 12:11 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Please run CF!!
__________________ Please always post log files in CODE tags |
18.03.2011, 15:06 | #14 |
| TR/Crypt.XPACK.Gen3 hey Cosinus.. here is the text from CF: Combofix Logfile: Code:
ATTFilter ComboFix 11-03-17.02 - Kay 18.03.2011 14:45:15.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.990 [GMT 1:00] ausgeführt von:: c:\users\Kay\Videos\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kay\AppData\Roaming\Local c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\82b659de07fb7dab5cd24ccbef0ec5a8.avi.ddr c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\e200708b58a32d8f446a58ce5ee0d17e.avi.ddr c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\82b659de07fb7dab5cd24ccbef0ec5a8.avi c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\e200708b58a32d8f446a58ce5ee0d17e.avi.ddp c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx c:\users\Kay\videos\avira_antivir_personal_de.exe c:\users\Kay\videos\AVSVideoConverter71.exe c:\users\Kay\videos\BitTorrent-7.0.exe c:\users\Kay\videos\ComboFix.exe c:\users\Kay\videos\DivXInstaller.exe c:\users\Kay\videos\DivXInstaller812.exe c:\users\Kay\videos\DVDShrink_3.2_Deutsch-Setup.exe 
c:\users\Kay\videos\eMule0.50a-Installer.exe c:\users\Kay\videos\FreeYouTubeToMP3Converter32.exe c:\users\Kay\videos\install_flash_player.exe c:\users\Kay\videos\install_icq7.exe c:\users\Kay\videos\iTunesSetup(2).exe c:\users\Kay\videos\iTunesSetup.exe c:\users\Kay\videos\Kids Art Emoticons Setup.exe c:\users\Kay\videos\l33t.exe c:\users\Kay\videos\mbam-setup.exe c:\users\Kay\videos\OOo_3.1.1_Win32Intel_install_wJRE_de.exe c:\users\Kay\videos\OTL(2).exe c:\users\Kay\videos\OTL.exe c:\users\Kay\videos\PS_AIO_03_C4400_NonNet_Basic_Win_deu_110_175_NB.exe c:\users\Kay\videos\ratDVDSetup-0.78.1444.exe c:\users\Kay\videos\SUPERsetup38.exe c:\users\Kay\videos\SweetImSetup.exe c:\users\Kay\videos\Utorrent3.0Alpha.exe c:\users\Kay\videos\wlsetup-web.exe c:\users\Kay\videos\wlsetup-web_8064.exe c:\users\Kay\videos\wrar380d.exe c:\users\Kay\videos\youtube_music_downloader.exe c:\users\Kay\videos\YouTubeDownloaderSetup257.exe c:\users\Kay\videos\YouTubeDownloaderSetup265.exe c:\windows\ST6UNST.000 . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-18 bis 2011-03-18 )))))))))))))))))))))))))))))) . . 2011-03-18 13:23 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5ED4D6A-9799-4E18-8C12-284D3D4D4034}\mpengine.dll 2011-03-17 21:39 . 2011-03-17 21:39 -------- d-----w- c:\program files\iPod 2011-03-14 13:03 . 2011-03-14 13:03 -------- d-----w- C:\_OTL 2011-03-11 22:11 . 2011-03-11 22:11 -------- d-----w- c:\users\Kay\AppData\Roaming\Malwarebytes 2011-03-11 22:11 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-11 22:11 . 2011-03-11 22:11 -------- d-----w- c:\programdata\Malwarebytes 2011-03-11 22:11 . 2011-03-11 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-11 22:11 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-10 20:03 . 2011-03-10 20:03 -------- d-----w- c:\users\Kay\AppData\Roaming\vlc 2011-03-09 13:51 . 
2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 13:51 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 13:51 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 13:51 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 13:51 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 13:51 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-03-05 21:05 . 2011-03-05 21:05 -------- d-----w- c:\program files\Common Files\Java 2011-03-05 20:33 . 2011-03-17 21:40 -------- d-----w- c:\program files\iTunes 2011-03-05 20:28 . 2011-03-05 20:28 -------- d-----w- c:\program files\Bonjour 2011-02-24 05:29 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2011-02-24 05:29 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe 2011-02-24 05:29 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe 2011-02-24 05:29 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe 2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-09 13:44 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-02 20:40 . 2010-06-14 14:03 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11 . 2009-10-08 19:06 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:37 . 2011-02-09 14:04 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:08 . 2011-02-09 14:04 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08 . 2011-02-09 14:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08 . 
2011-02-09 14:04 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:08 . 2011-02-09 14:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 14:04 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:07 . 2011-02-09 14:04 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07 . 2011-02-09 14:04 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07 . 2011-02-09 14:04 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06 . 2011-02-09 14:04 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06 . 2011-02-09 14:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04 . 2011-02-09 14:04 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:04 . 2011-02-09 14:04 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 14:28 . 2011-02-09 14:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 14:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26 . 2011-02-09 14:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25 . 2011-02-09 14:04 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 14:04 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-20 14:24 . 2011-02-09 14:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 14:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 14:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 14:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:14 . 2011-02-09 14:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:12 . 2011-02-09 14:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 14:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47 . 2011-02-09 14:04 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-01-20 13:44 . 
2011-02-09 14:04 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-01-20 13:44 . 2011-02-09 14:04 797184 ----a-w- c:\windows\system32\FntCache.dll 2011-01-17 11:34 . 2009-06-27 19:55 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-01-17 11:34 . 2009-06-27 19:55 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-01-08 08:47 . 2011-02-09 14:01 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28 . 2011-02-09 14:01 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:57 . 2011-02-09 14:04 2039808 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 15:55 . 2011-01-11 18:14 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-23 19:02 . 2010-12-23 19:02 1222408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-12-20 16:36 . 2011-02-09 14:03 834048 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 15:37 . 2011-02-09 14:03 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-12-20 14:55 . 2011-02-09 14:03 389632 ----a-w- c:\windows\system32\html.iec 2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\System32\nbDX.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Google Update"="c:\users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-28 133104] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208] "Skytel"="Skytel.exe" [2008-01-24 1826816] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-17 281768] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] 
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336] SETAUDIO.EXE [2008-4-4 20480] SETRES.EXE [2008-4-4 20480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk backup=c:\windows\pss\Acer VCM.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2008-01-02 13:17 707080 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-02 18:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-04-18 08:32 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-17 135336] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472] S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216] S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-12-28 26752] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712] S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-12-28 42752] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - BMLoad . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job
- c:\users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-28 09:40]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job
- c:\users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-28 09:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
FF - ProfilePath - c:\users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-18 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(3788)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-18 15:04:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-03-18 14:04
.
Vor Suchlauf: 15 Verzeichnis(se), 50.738.139.136 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 50.243.518.464 Bytes frei
.
- - End Of File - - 3E1DA62550FE76C98F4EBE1BB921BDC0

No idea what you do with this... but I'm not even going to ask anymore.
Regards, kay |
18.03.2011, 15:19 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3 Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post log files in CODE tags |