Log analysis and evaluation: TR/Kazy.mekml.1 caught, desktop black, files hidden :( Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.04.2011, 22:35 | #1 |
TR/Kazy.mekml.1 caught, desktop black, files hidden :(

Hello dear community,

I too came across this board while looking for help with the virus named above. This concerns the laptop of an acquaintance (who is 400 km away); as with many others, the desktop is black and all files have been hidden. I first read up here in the forum and then sent her instructions based on the information from other threads about the same virus. The system reboots on its own after about 10-15 minutes, so the laptop was started in safe mode and the system was scanned with OTL. I am uploading the OTL files here. unhide.exe was also run (after the scan). I hope that everything has been handled correctly so far. If information is missing or mistakes have crept in, we will of course correct that as quickly as possible. I hope you can help here. With that in mind, many, many thanks in advance and a happy Easter to everyone.

Regards,
Daddalus

OTL Extras
Code:
ATTFilter OTL Extras logfile created on: 23.04.2011 22:04:52 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = E:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 3,49 Gb Free Space | 2,42% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 3,74 Gb Total Space | 3,74 Gb Free Space | 99,97% Space Free | Partition Type: FAT32 Computer Name: Name-PC | User Name: Name | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bertelsmann Fotowelt] -- "C:\Program Files\Bertelsmann Fotowelt\Bertelsmann Fotowelt\Bertelsmann Fotowelt.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) 
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1AF4D769-7889-40BC-8843-CF79BE313E56}" = lport=137 | protocol=17 | dir=in | app=system | "{40B8CD66-E236-4493-8728-7DF43794BD41}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{41E5CBB9-21DB-43C6-8F3F-D1FA23AFC8B6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{4AE8E70D-DDAC-4AE2-BD93-3355CD470478}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6BB428FF-CF99-418F-ADC9-9D631E5EFC04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{751EC3E6-B001-498F-9D93-216AE6CA2C77}" = lport=445 | protocol=6 | dir=in | app=system | "{75DAABD5-A0C0-4F62-9254-7C3FFF57CB47}" = lport=2869 | protocol=6 | dir=in | app=system | "{8303FC89-EB76-4C15-9B1D-B8CC9457D638}" = rport=138 | protocol=17 | dir=out | app=system | "{8597083C-B6CA-45A3-ACDA-AB4BB3756BB9}" = rport=445 | protocol=6 | dir=out | app=system | "{950AD0FA-E1D2-4D3D-BE94-F8E0180735C0}" = rport=137 | protocol=17 | dir=out | app=system | "{B303F299-1F2D-4D04-968D-16544B3F824B}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D9E70A1F-5BB9-4428-BC2D-5FA8735BDA36}" = lport=138 | protocol=17 | dir=in | app=system | "{F28FF124-618E-4F07-A0A6-A31D877D5B7C}" = lport=139 | protocol=6 | dir=in | app=system | "{FC0048DD-C3BF-400B-B5BF-A300BFE3E5D4}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B1A7314-FB74-417A-B99A-03A17D9BEB29}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{0D978D3B-0E0C-478A-A611-056B63635A96}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{11628402-3DE9-414B-987E-C6FE8B532482}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{11C3D353-3B4A-4BF6-A090-077D01B7E6F9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{124CF5BE-0663-4CC4-990D-9D0BBFCE5E72}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{148B3A7E-57B5-4EA4-8308-039A1058130F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{193FA91D-707D-4263-BEB1-F6D17D5EDAF9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{1D7BC3E8-D6D3-4DD0-8D3C-33C6DCC677CB}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{2609B54C-8A57-4A98-9BE1-5DAC69D403DD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{2D0817C8-294C-4FA6-BF65-4C76C50F1FBD}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{2ECB4E8B-F80C-49FC-A3F9-11103CAD2E28}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{33E8EDFC-0272-435A-844F-FE09CC683A79}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3BE5473D-7C67-474F-9BC8-627E6687B9A6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{44769A0C-4C6F-4FB8-90F3-138B4E512B6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{463440D0-C136-4363-BB4B-6BAE6AAD4B2C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{526F995D-A6C6-433D-8846-CE61A09453A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{53C63E13-45FB-4BA6-AF94-0A79F2EBACC4}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | "{5EBE0C63-7FE0-4C42-9DDE-C05D8754A42C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{6801680D-B05D-48A8-8E42-D032F0BE0146}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{7BF31766-9CAA-4717-AF5B-C0FE96F4B675}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{848ED36D-7B17-41A0-A1A4-47EE23E22C8D}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | "{85B0C7A3-8076-4A44-AFE6-6950DB1EA1E9}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{86D24BD9-3A52-4A6D-808A-611CF7EA8472}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{93CCD154-E739-453B-B51C-F1A2878564D6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{97A58753-95EA-4A33-B4F1-9FF33A4D972B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{ACA30BBF-3F37-49AA-9A73-BFDB9A43FD5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B1AD6FEC-C20F-4132-9799-112FD78285D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BD635577-64CE-436D-85B8-B636DA662F83}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{C1CF9554-9D54-44C7-9F76-FCE849912332}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{C5E12CCB-2BB4-408E-9079-A01C7D13FB18}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C63E80DD-7105-47F9-92C6-24A103D85A33}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{C6624F61-9854-4ABB-929A-72B92B592B70}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C7FFD312-67A0-43D7-9A42-A19AA54002CC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{CB37A38C-0038-44AC-9E68-03DAF156858D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{CB8DD8F5-3CDC-4A08-967F-23ABBD768A2E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DEE74847-5773-4312-92DE-83BA9B56FFE9}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{DF94AB67-1C9B-4BBF-9B56-95D0C41991B0}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{F6C85A1C-8880-4B7D-99E7-EC9E5D649417}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{FEE6E85C-F423-4791-9E82-AC54194BDF85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FFA54780-0426-4BC0-AF17-3D5FDA700604}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended 
Settings CS4 "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.6 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2338C1CD-3423-48BC-8AF3-39385F176076}" = Konz 2011 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{24DF7221-644B-4C3A-A478-459502D40522}" = Backup "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360 "{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB "{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50783F4B-B5A3-4DBA-8EC5-83247ABFF814}_is1" = 1.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{64FD26E2-E914-4B04-9629-CC55944C1D3B}" = SymNet "{651B2108-71B4-4A1D-A2AA-4A2CFEB75926}" = Digimax i50 MP3 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{68258A46-B8CD-4B84-924C-FF1FF343810B}" = USB 2.0 PC Camera "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C92D94C-5676-4496-9EF3-FC2248A43BDA}" = Das Milliardenquiz "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117601840}" = Farm Frenzy 3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 
Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AECEF61B-4916-4E54-9ED5-6F4CBDAE2048}" = Finding Nemo UWF "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = 
AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D16ECDF4-DA6F-418F-947A-C1652B5CFD96}" = SweetIM for Messenger 2.7 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bertelsmann Fotowelt" = Bertelsmann Fotowelt "Burger Rush" = Burger Rush "Burger Shop 21.0" = Burger Shop 2 "CADE_is1" = Cooking Academy "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP 
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "conduitEngine" = Conduit Engine "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender "ENTERPRISE" = Microsoft Office Enterprise 2007 "Farm Frenzy 21.0" = Farm Frenzy 2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91 "Free Video Converter_is1" = Free Video Converter V 2.9 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GridVista" = Acer GridVista "HandBrake" = HandBrake 0.9.5 "ICQToolbar" = ICQ Toolbar "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2338C1CD-3423-48BC-8AF3-39385F176076}" = Konz 2011 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{AECEF61B-4916-4E54-9ED5-6F4CBDAE2048}" = Nemo's UWF Demo Sampler "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Lexmark 5400 Series" = Lexmark 5400 Series "LimeWire" = LimeWire 5.1.3 "LiveBilliards" = LiveBilliards "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET 
Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08.04.2010 11:17:05 | Computer Name = Name-PC | Source = Google Update | ID = 20
Description =

Error - 08.04.2010 14:27:04 | Computer Name = Name-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3743 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1468 Anfangszeit: 01cad72fac3a4ae7 Zeitpunkt der Beendigung: 17

Error - 09.04.2010 07:31:33 | Computer Name = Name-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.04.2010 10:09:22 | Computer Name = Name-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.04.2010 10:14:13 | Computer Name = Name-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.04.2010 13:01:15 | Computer Name = Name-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3743 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1594 Anfangszeit: 01cad7ef0135ab74 Zeitpunkt der Beendigung: 33

Error - 09.04.2010 13:20:31 | Computer Name = Name-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3743 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 10c8 Anfangszeit: 01cad80644908fe4 Zeitpunkt der Beendigung: 36

Error - 10.04.2010 05:06:17 | Computer Name = Name-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.04.2010 05:50:13 | Computer Name = Name-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.04.2010 06:35:56 | Computer Name = Name-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3743 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 12c0 Anfangszeit: 01cad95c8dc9ff55 Zeitpunkt der Beendigung: 18

[ OSession Events ]
Error - 17.05.2010 13:37:16 | Computer Name = Name-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5329 seconds with 0 seconds of active time. This session ended with a crash.

Error - 22.12.2010 12:42:00 | Computer Name = Name-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21.04.2011 16:28:47 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21.04.2011 16:51:24 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 23.04.2011 15:53:36 | Computer Name = Name-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{378858DE-4024-4C27-BBCE-E1E7444B31E5} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 23.04.2011 15:57:59 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 23.04.2011 15:57:59 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 23.04.2011 15:58:22 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 23.04.2011 15:58:22 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 23.04.2011 15:59:26 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 23.04.2011 16:00:38 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 23.04.2011 16:00:38 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7006
Description =

< End of report >

Code:
OTL logfile created on: 23.04.2011 22:04:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 3,49 Gb Free Space | 2,42% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,41 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 3,74 Gb Total Space | 3,74 Gb Free Space | 99,97% Space Free | Partition Type: FAT32

Computer Name: Name-PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.23 21:35:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.03.04 14:36:20 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.04.23 21:35:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.04 14:36:20 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.07.14 18:14:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.09.23 16:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009.02.01 16:48:27 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008.08.19 15:27:22 | 000,024,576 | ---- | M] () 
[Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.07.29 18:53:00 | 000,500,784 | -H-- | M] (Egis Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.02.21 16:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.08.22 02:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2006.11.22 10:11:36 | 000,537,520 | -H-- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device) ========== Driver Services (SafeList) ========== DRV - [2011.03.04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.03.04 14:36:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.12.16 11:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- 
C:\ProgramData\Symantec\Definitions\VirusDefs\20110121.002\NAVEX15.SYS -- (NAVEX15) DRV - [2010.12.16 11:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110121.002\NAVENG.SYS -- (NAVENG) DRV - [2010.09.15 20:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20110118.001\IDSvix86.sys -- (IDSvix86) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2010.05.26 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.02.19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM) DRV - [2009.02.19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - 
[2009.02.10 17:53:46 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.09.05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008.08.28 16:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.08.19 15:23:00 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.07.30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon) DRV - [2008.07.18 18:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.18 17:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.06.25 07:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.02.01 03:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2008.02.01 03:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2008.02.01 03:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.08.08 18:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2007.03.28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.20 11:37:22 | 012,028,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD) DRV - [2004.04.05 08:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Capi20.sys -- (CAPI20) DRV - [2003.03.19 14:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1208&m=aspire_6930g IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1208&m=aspire_6930g IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1208&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 21:05:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 21:05:26 | 000,000,000 | ---D | M] [2010.02.07 22:49:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Extensions [2009.06.16 23:55:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.04.21 21:41:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Profiles\wx4mavll.Standard-Benutzer\extensions [2011.03.25 16:29:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Name\AppData\Roaming\mozilla\Profiles\wx4mavll.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.25 16:29:44 | 000,000,000 | -H-D | M] (Yahoo! 
Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Profiles\wx4mavll.Standard-Benutzer\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.03.25 16:29:43 | 000,000,000 | -H-D | M] () -- C:\Users\Name\AppData\Roaming\mozilla\Profiles\wx4mavll.Standard-Benutzer\extensions\fbdislike@doweb.fr [2010.04.26 17:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.12.01 19:17:11 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2010.04.26 17:22:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009.12.01 19:17:11 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Gsezozabulamufoy] C:\Users\Name\AppData\Local\utehifop.dll (Belcarra Technologies)
O4 - Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d32dc6db-f20d-11dd-a9bd-00238b553d32}\Shell\AutoRun\command - "" = rtkgfubq.exe
O33 - 
MountPoints2\{d32dc6db-f20d-11dd-a9bd-00238b553d32}\Shell\explore\Command - "" = rtkgfubq.exe O33 - MountPoints2\{d32dc6db-f20d-11dd-a9bd-00238b553d32}\Shell\open\Command - "" = rtkgfubq.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.23 21:58:01 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.04.21 22:08:27 | 000,000,000 | -H-D | C] -- C:\Users\Name\AppData\Roaming\Avira [2011.04.21 21:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.04.21 21:51:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.04.21 21:51:09 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.21 21:51:09 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.04.21 21:51:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2011.04.21 21:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.04.21 21:37:45 | 000,000,000 | -H-D | C] -- C:\Users\Name\AppData\Local\{6F134934-B5CB-4E7A-B33E-2BE262F01860} [2011.04.21 21:36:53 | 000,000,000 | -H-D | C] -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.14 18:00:56 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 18:00:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 18:00:50 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 18:00:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 18:00:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 18:00:38 | 
000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 18:00:38 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 18:00:38 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 18:00:38 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 18:00:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 18:00:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 18:00:36 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 18:00:34 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 18:00:33 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.10 20:37:08 | 000,000,000 | -H-D | C] -- C:\Users\Name\Desktop\Neuer Ordner (3) [2011.04.09 13:34:42 | 000,000,000 | -H-D | C] -- C:\Users\Name\AppData\Roaming\HandBrake [2011.04.09 13:34:42 | 000,000,000 | -H-D | C] -- C:\Users\Name\AppData\Local\HandBrake [2011.04.09 13:34:33 | 000,000,000 | -H-D | C] -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2011.04.09 13:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2011.04.09 13:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2011.04.06 20:09:05 | 000,000,000 | -H-D | C] -- C:\Users\Name\Desktop\Name [2011.03.27 13:38:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\elsterformular [2011.03.27 13:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2011.03.27 13:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular [2011.03.27 13:36:20 | 000,000,000 | -H-D | C] -- C:\Windows\System32\Visagesoft [2011.03.27 13:36:19 | 000,816,264 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\System32\WMVDMOD.DLL [2011.03.27 13:36:19 | 000,760,968 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSDMOD.DLL [2011.03.27 13:36:19 | 000,384,512 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDMOD.DLL [2011.03.27 13:36:19 | 000,316,040 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DMOD.DLL [2011.03.27 13:36:19 | 000,278,559 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\WMV8DS32.AX [2011.03.27 13:36:19 | 000,258,048 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDS32.AX [2011.03.27 13:36:19 | 000,241,664 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DMOD.DLL [2011.03.27 13:36:19 | 000,221,184 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSADDS32.AX [2011.03.27 13:36:19 | 000,121,160 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\mscal.ocx [2011.03.27 13:36:19 | 000,074,000 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll [2011.03.27 13:36:19 | 000,028,944 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll [2011.03.27 13:36:19 | 000,000,000 | -H-D | C] -- C:\Windows\System32\AIM [2011.03.27 13:36:18 | 001,046,288 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJET35.DLL [2011.03.27 13:36:18 | 000,415,504 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSREPL35.DLL [2011.03.27 13:36:18 | 000,368,912 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAR332.DLL [2011.03.27 13:36:18 | 000,330,000 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSEXCH35.DLL [2011.03.27 13:36:18 | 000,287,504 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSXBSE35.DLL [2011.03.27 13:36:18 | 000,252,176 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSRD2X35.DLL [2011.03.27 13:36:18 | 000,250,128 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSPDOX35.DLL [2011.03.27 13:36:18 | 000,250,128 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\System32\MSEXCL35.DLL [2011.03.27 13:36:18 | 000,166,160 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSLTUS35.DLL [2011.03.27 13:36:18 | 000,165,648 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSTEXT35.DLL [2011.03.27 13:36:18 | 000,148,240 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJINT35.DLL [2011.03.27 13:36:18 | 000,024,848 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSJTER35.DLL [2011.03.27 13:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konz Steuertricks [2011.03.27 13:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\USM [2011.03.27 13:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2010 [2011.03.25 16:32:04 | 000,000,000 | -H-D | C] -- C:\Users\Name\Desktop\Fasnet 2011 [2010.09.01 21:11:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2010.09.01 21:11:04 | 000,172,032 | -H-- | C] ( ) -- C:\Windows\rsnp2std.dll [2009.10.19 21:57:08 | 000,361,984 | -H-- | C] (Belcarra Technologies) -- C:\Users\Name\AppData\Local\utehifop.dll [2009.10.17 21:35:14 | 000,413,696 | -H-- | C] ( ) -- C:\Windows\System32\lxctinpa.dll [2009.10.17 21:35:14 | 000,397,312 | -H-- | C] ( ) -- C:\Windows\System32\lxctiesc.dll [2009.10.17 21:35:14 | 000,323,584 | -H-- | C] ( ) -- C:\Windows\System32\LXCThcp.dll [2009.10.17 21:35:13 | 001,224,704 | -H-- | C] ( ) -- C:\Windows\System32\lxctserv.dll [2009.10.17 21:35:13 | 000,991,232 | -H-- | C] ( ) -- C:\Windows\System32\lxctusb1.dll [2009.10.17 21:35:13 | 000,696,320 | -H-- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll [2009.10.17 21:35:13 | 000,643,072 | -H-- | C] ( ) -- C:\Windows\System32\lxctpmui.dll [2009.10.17 21:35:13 | 000,585,728 | -H-- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll [2009.10.17 21:35:13 | 000,537,520 | -H-- | C] ( ) -- C:\Windows\System32\lxctcoms.exe [2009.10.17 21:35:13 | 000,421,888 | -H-- | C] ( ) -- 
C:\Windows\System32\lxctcomm.dll [2009.10.17 21:35:13 | 000,385,968 | -H-- | C] ( ) -- C:\Windows\System32\lxctih.exe [2009.10.17 21:35:13 | 000,163,840 | -H-- | C] ( ) -- C:\Windows\System32\lxctprox.dll [2009.10.17 21:35:13 | 000,094,208 | -H-- | C] ( ) -- C:\Windows\System32\lxctpplc.dll [2009.10.17 21:35:12 | 000,684,032 | -H-- | C] ( ) -- C:\Windows\System32\lxctcomc.dll [2009.10.17 21:35:12 | 000,381,872 | -H-- | C] ( ) -- C:\Windows\System32\lxctcfg.exe [2008.11.28 04:43:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.23 22:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.23 22:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.23 22:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.23 22:01:52 | 3215,843,328 | -HS- | M] () -- C:\hiberfil.sys [2011.04.23 22:00:54 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.23 22:00:54 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.23 22:00:54 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.23 22:00:54 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.23 21:56:32 | 000,007,592 | -H-- | M] () -- C:\Users\Name\AppData\Local\d3d9caps.dat [2011.04.23 21:56:27 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.23 21:54:38 | 000,000,120 | -H-- | M] () -- C:\Users\Name\AppData\Local\Vpoluresiqaquzuw.dat [2011.04.23 21:54:38 | 000,000,000 | -H-- | M] () -- C:\Users\Name\AppData\Local\Umuyuteroyow.bin [2011.04.23 21:53:52 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.21 21:51:47 | 
000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.21 21:36:54 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~51109640r [2011.04.21 21:36:54 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~51109640 [2011.04.21 21:36:53 | 000,000,587 | -H-- | M] () -- C:\Users\Name\Desktop\Windows Recovery.lnk [2011.04.21 21:36:48 | 000,000,336 | -H-- | M] () -- C:\ProgramData\51109640 [2011.04.21 21:35:53 | 000,027,839 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.04.21 21:35:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.04.21 21:31:54 | 000,569,344 | -H-- | M] () -- C:\ProgramData\uvEWQXCeAJwf.exe [2011.04.21 21:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.16 16:56:09 | 002,352,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.13 13:27:40 | 002,160,853 | -H-- | M] () -- C:\Users\Name\Desktop\13042011557.JPG [2011.04.13 13:27:32 | 002,032,434 | -H-- | M] () -- C:\Users\Name\Desktop\13042011556.JPG [2011.04.13 13:27:28 | 002,098,557 | -H-- | M] () -- C:\Users\Name\Desktop\13042011555.JPG [2011.04.10 21:15:08 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll [2011.04.09 13:34:33 | 000,000,780 | -H-- | M] () -- C:\Users\Name\Desktop\Handbrake.lnk [2011.04.05 17:56:09 | 273,186,119 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.03.28 00:26:44 | 000,002,653 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2010.lnk [2011.03.27 13:38:01 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 21:51:47 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.21 21:37:47 | 000,000,120 | -H-- | C] () -- C:\Users\Name\AppData\Local\Vpoluresiqaquzuw.dat [2011.04.21 21:37:47 | 000,000,000 | -H-- | C] () -- 
C:\Users\Name\AppData\Local\Umuyuteroyow.bin [2011.04.21 21:36:54 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~51109640r [2011.04.21 21:36:54 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~51109640 [2011.04.21 21:36:53 | 000,000,587 | -H-- | C] () -- C:\Users\Name\Desktop\Windows Recovery.lnk [2011.04.21 21:36:48 | 000,000,336 | -H-- | C] () -- C:\ProgramData\51109640 [2011.04.21 21:31:55 | 000,569,344 | -H-- | C] () -- C:\ProgramData\uvEWQXCeAJwf.exe [2011.04.15 17:03:36 | 002,160,853 | -H-- | C] () -- C:\Users\Name\Desktop\13042011557.JPG [2011.04.15 17:03:36 | 002,098,557 | -H-- | C] () -- C:\Users\Name\Desktop\13042011555.JPG [2011.04.15 17:03:36 | 002,032,434 | -H-- | C] () -- C:\Users\Name\Desktop\13042011556.JPG [2011.04.09 13:34:33 | 000,000,780 | -H-- | C] () -- C:\Users\Name\Desktop\Handbrake.lnk [2011.03.27 13:38:01 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2011.03.27 13:36:19 | 000,000,696 | -H-- | C] () -- C:\Windows\System32\jetodbc.rsp [2011.03.27 13:32:35 | 000,002,653 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2010.lnk [2010.09.05 00:04:45 | 000,484,352 | -H-- | C] () -- C:\Windows\System32\lame_enc.dll [2010.09.01 21:11:08 | 012,028,800 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2010.09.01 21:11:08 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2010.09.01 21:11:08 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2010.01.05 17:12:01 | 000,000,059 | -H-- | C] () -- C:\Windows\WINPHONE.INI [2009.10.19 21:57:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.19 21:57:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.19 21:57:08 | 000,092,672 | -H-- | C] () -- C:\Users\Name\AppData\Local\aizetatr.dll [2009.10.17 21:35:14 | 000,274,432 | -H-- | C] () -- C:\Windows\System32\LXCTinst.dll [2009.10.17 21:35:13 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\lxctgrd.dll [2009.05.15 18:13:50 | 
000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.04.25 16:50:37 | 000,000,000 | -H-- | C] () -- C:\Windows\LiveBilliards.INI [2009.04.11 00:10:30 | 000,007,592 | -H-- | C] () -- C:\Users\Name\AppData\Local\d3d9caps.dat [2009.02.09 18:32:38 | 000,000,400 | -H-- | C] () -- C:\Windows\ODBC.INI [2009.02.04 22:21:08 | 000,093,184 | -H-- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.04 22:20:10 | 000,000,000 | -H-- | C] () -- C:\Windows\JCMKR32.INI [2009.02.02 19:29:19 | 000,027,839 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2009.02.02 18:35:07 | 000,027,839 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2009.02.01 18:22:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.01 17:15:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2008.11.28 04:41:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.27 21:26:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.11.27 21:26:09 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.11.27 20:54:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.11.27 20:45:50 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.11.27 20:45:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2008.11.27 20:45:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.11.27 20:45:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.11.27 20:45:50 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.11.27 20:23:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.06 18:37:32 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 18:33:02 | 000,012,288 | -H-- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat 
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 002,352,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.04.21 11:08:22 | 000,253,952 | -H-- | C] () -- C:\Windows\System32\HtmlHelp.dll [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.02.08 00:11:57 | 000,000,000 | -HSD | M] -- C:\Users\Name\AppData\Roaming\.# [2008.11.27 21:21:02 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Acer GameZone Console [2009.02.07 18:40:48 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Big 
Fish Games [2009.02.18 21:38:10 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\eSobi [2010.02.16 15:57:19 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Facebook [2009.02.02 21:46:10 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\FloodLightGames [2010.09.05 00:04:49 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\FreeAudioPack [2010.09.05 00:08:34 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\FreeCDRipper [2010.09.05 00:10:16 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\FreeVideoConverter [2010.12.26 17:34:52 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\GameHouse [2011.04.09 13:44:33 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\HandBrake [2011.04.13 19:35:57 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\ICQ [2010.01.24 12:14:27 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Lexware [2009.10.12 01:22:46 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\LimeWire [2010.12.05 16:48:25 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\OpenOffice.org [2010.04.29 20:34:50 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\PlayFirst [2010.09.12 17:24:36 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\ShinyTales [2010.01.28 22:11:45 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Sony [2010.01.28 21:35:02 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Sony Setup [2010.10.07 15:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Name\AppData\Roaming\Total Immersion [2011.04.23 22:00:56 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2010.12.31 21:48:02 | 000,010,850 | -H-- | M] ()(C:\Users\Name\Desktop\pssssssssssssssssst?.docx) -- C:\Users\Name\Desktop\pssssssssssssssssst♥.docx [2010.12.31 21:48:01 | 000,010,850 | -H-- | C] ()(C:\Users\Name\Desktop\pssssssssssssssssst?.docx) -- 
C:\Users\Name\Desktop\pssssssssssssssssst♥.docx ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:CBEB737E @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:9F683177 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C95B63DA @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8173A019 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:861A898F @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:4BB26BE9 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:70E897B5 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:580E04D8 < End of report > |
25.04.2011, 15:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.
25.04.2011, 17:37 | #3 |
| Hello Arne,
thanks for your reply. There has been a log file since yesterday. However, the scan has so far been run without deleting the listed entries. I have told her that she absolutely has to do that. By the looks of it, she has been running without a virus scanner until now. Here is the log file: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

24.04.2011 20:13:09
mbam-log-2011-04-24 (20-12-33).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157919
Laufzeit: 13 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Linda\AppData\Local\utehifop.dll (Trojan.Agent.U) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gsezozabulamufoy (Trojan.Agent.U) -> Value: Gsezozabulamufoy -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cqutuj (Trojan.Agent.U) -> Value: Cqutuj -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Linda\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> No action taken.
c:\restorpoint (Trojan.SpyEyes) -> No action taken.

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\saomcwxren.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup1337379328.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup1692452352.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup1701891840.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup2747672192.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup3604684800.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup45650944.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\6952.tmp (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\6A6B.tmp (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\err.log15495719 (Trojan.FakeAlert) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup521594496.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup547535872.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\AppData\Local\Temp\setup695826176.exe (Trojan.Agent) -> No action taken.
c:\Users\Linda\Desktop\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\Linda\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\Linda\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> No action taken.
c:\Users\Linda\AppData\Roaming\Adobe\plugs\kb15497732.exe (Trojan.Agent) -> No action taken.
c:\restorpoint\restorpoint.exe (Trojan.SpyEyes) -> No action taken.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> No action taken.
c:\Users\Linda\AppData\Local\utehifop.dll (Trojan.Agent.U) -> No action taken.
c:\Users\Linda\AppData\Local\aizetatr.dll (Trojan.Agent.U) -> No action taken.
25.04.2011, 20:25 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! And of course remove all findings! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ Please always post log files in CODE tags
29.04.2011, 11:58 | #5 |
| Hi, so I have two log files here. The first is (unfortunately) from another quick scan, the second from a full scan: Quick scan: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

25.04.2011 22:57:16
mbam-log-2011-04-25 (22-57-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157967
Laufzeit: 8 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 23

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Linda\AppData\Local\utehifop.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gsezozabulamufoy (Trojan.Agent.U) -> Value: Gsezozabulamufoy -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cqutuj (Trojan.Agent.U) -> Value: Cqutuj -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\Linda\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\restorpoint (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\saomcwxren.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup1337379328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup1692452352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup1701891840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup2747672192.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup3604684800.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup45650944.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\6952.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\6A6B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\err.log15495719 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup521594496.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup547535872.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\Temp\setup695826176.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Linda\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Roaming\Adobe\plugs\kb15497732.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\restorpoint\restorpoint.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\restorpoint\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\Linda\AppData\Local\utehifop.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\Linda\AppData\Local\aizetatr.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.04.2011 23:28:00
mbam-log-2011-04-28 (23-28-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 351671
Laufzeit: 2 Stunde(n), 13 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (Adware.WidgiToolbar) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\COMPONENTS\DEALIOTOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: DEALIOTOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gsezozabulamufoy (Trojan.Agent.U) -> Value: Gsezozabulamufoy -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\dealio toolbar\dealiotoolbarie.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-1029128513-812140374-3680683593-1000\$RC4NT3T\backup-20110421-223921-410.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{01398b87-61af-4ffb-9ab5-1a1c5fb39a9c}\components\dealiotoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\widgihelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
29.04.2011, 12:23 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
29.04.2011, 12:27 | #7 |
| Hi Arne, I just noticed that too, sorry. I'm going home over the weekend, so I can sit down at her computer myself. Does it make sense to run a new OTL scan again after the Malwarebytes scan? Regards and have a nice weekend!