|
Plagegeister aller Art und deren Bekämpfung: Trojaner oder so etwas . Help .Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
08.05.2011, 11:28 | #1 |
| Trojaner oder so etwas . Help . Hallo und ! Da ich neu hier bin möchete ich euch erstmal Herzlich Begrüßen . Und jetz zu meinem Problem : Ich weis nich was es ist aber ich glaube es ist ein vir oder trojaner nach runderladen von eine zip datei entpacken und draufklickien war es vorbei Blauer Skreen und gehts nichts mehr , sogar Windows Vista Look also ich meine windows vista schaut aus wie win 95. Kann mir bitte Jemand Helfen den Trojana zu finden und Löschen . ? |
08.05.2011, 11:38 | #2 |
| Trojaner oder so etwas . Help . HiJackthis Logfile:
__________________Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:32:33, on 08.05.2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19019) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Acer\Empowering Technology\eAudio\eAudio.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Users\Arek\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe C:\Windows\PLFSetI.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\AVG\AVG9\avgui.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\AVG\AVG9\avgscanx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Windows\system32\conime.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\Arek\Desktop\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Google Update] "C:\Users\Arek\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Empowering Technology Launcher.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0E920766-3676-416A-88F1-7BA4C953F573}: NameServer = 139.7.30.125 139.7.30.126 O17 - HKLM\System\CS1\Services\Tcpip\..\{0E920766-3676-416A-88F1-7BA4C953F573}: NameServer = 139.7.30.125 139.7.30.126 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11498 bytes |
08.05.2011, 12:09 | #3 |
/// Malware-holic | Trojaner oder so etwas . Help . hi, hast du die datei noch? falls ja, lade sie mal hoch:
__________________dateiupload: http://www.trojaner-board.de/54791-a...ner-board.html falls du einen link hast wo du die datei geladen hast, sende ihn mir als private nachicht.
__________________ |
10.05.2011, 17:20 | #4 |
| Trojaner oder so etwas . Help . leider kann ich es nicht weil ich die daten nicht mehr habe . können sie bitte mir trotzdem helfen bei der log file zu auswerten |
10.05.2011, 17:48 | #5 |
/// Malware-holic | Trojaner oder so etwas . Help . Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.05.2011, 18:21 | #6 |
| Trojaner oder so etwas . Help . Schon dabei. Wie Lange dauert der scan ? |
10.05.2011, 18:30 | #7 |
/// Malware-holic | Trojaner oder so etwas . Help . kann schon n bissel dauern. schalte alle aktieven programme aus und arbeite nicht am pc
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.05.2011, 18:39 | #8 |
| Trojaner oder so etwas . Help . Es war aber nur 1 report OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.05.2011 19:08:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Arek\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,29 Gb Total Space | 73,71 Gb Free Space | 51,08% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 134,34 Gb Free Space | 93,27% Space Free | Partition Type: NTFS Drive G: | 36,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KATJA-PC | User Name: Arek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Arek\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Users\Arek\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Arek\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUSB.sys (Danish Wireless Design A/S) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (ezplay) -- C:\Windows\System32\drivers\ezplay.sys (VSO Software) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia) DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 8F 3B 97 5E 0B CC 01 [binary data] IE - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.08 11:20:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.08 11:36:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.08 11:36:29 | 000,000,000 | ---D | M] [2010.12.22 09:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Extensions [2011.05.10 18:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\n10panq3.default\extensions [2010.12.22 10:19:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\n10panq3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.09 18:36:26 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\n10panq3.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.01.09 18:36:23 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Arek\AppData\Roaming\mozilla\Firefox\Profiles\n10panq3.default\extensions\finder@meingutscheincode.de [2011.02.27 18:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.11 08:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.05.08 11:35:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.04.12 12:39:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.09.11 08:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.05.08 11:35:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.20 09:35:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.20 09:35:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.20 09:35:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.20 09:35:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.20 09:35:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Programme\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Acer Tour Reminder] File not found O4 - HKLM..\Run: [ALaunch] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Onet.pl AutoUpdate] File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001..\Run: [LG LinkAir] File not found O4 - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O7 - HKU\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Arek\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Arek\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{39e8bd5b-1dd0-11dd-8348-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{39e8bd5b-1dd0-11dd-8348-806e6f6e6963}\Shell\AutoRun\command - "" = E:\0data\cbs.exe O33 - MountPoints2\{66b845e9-a381-11dd-93b0-001b38e1b2b1}\Shell - "" = AutoRun O33 - MountPoints2\{66b845e9-a381-11dd-93b0-001b38e1b2b1}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{73f9b0fc-e305-11dd-bff5-001b38e1b2b1}\Shell - "" = AutoRun O33 - MountPoints2\{73f9b0fc-e305-11dd-bff5-001b38e1b2b1}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{99c0a141-1201-11e0-a750-a4713d03838c}\Shell - "" = AutoRun O33 - MountPoints2\{99c0a141-1201-11e0-a750-a4713d03838c}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O33 - MountPoints2\{ff533577-a41e-11dd-af60-001b38e1b2b1}\Shell - "" = AutoRun O33 - MountPoints2\{ff533577-a41e-11dd-af60-001b38e1b2b1}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.05.10 19:05:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Arek\Desktop\OTL.exe [2011.05.10 18:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.05.10 18:35:37 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\Avira [2011.05.10 18:29:09 | 166,955,472 | ---- | C] (AVG Technologies) -- C:\Users\Arek\Desktop\avg_free_x86_all_2011_1325a3589.exe [2011.05.10 18:29:03 | 119,414,180 | ---- | C] (AVG Technologies) -- C:\Users\Arek\Desktop\avg_free_x86_all_2011_1325a3589.exe.part [2011.05.10 18:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.10 18:25:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.05.10 18:25:54 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.05.10 18:25:54 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.05.10 18:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.05.10 18:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.05.10 17:45:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.05.08 12:16:08 | 000,000,000 | ---D | C] -- C:\Users\Arek\Desktop\HiJackThis [2011.05.08 12:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.05.08 12:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.05.08 12:05:10 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2011.05.08 11:57:24 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys [2011.05.08 11:56:28 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2011.04.27 21:00:13 | 000,000,000 | ---D | C] -- C:\Programme\Agatha Christie - Death on the Nile [2011.04.27 20:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games [2011.04.27 20:56:44 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache [2011.04.27 10:13:07 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\PlayFirst [2011.04.26 20:09:22 | 000,000,000 | ---D | C] -- C:\Users\Arek\Desktop\JADMaker [2011.04.23 12:19:29 | 000,000,000 | ---D | C] -- C:\Users\Arek\{2e12e2a1-d6fc-47d6-92f0-f9e4d703c3bb} [2011.04.18 18:56:14 | 000,000,000 | ---D | C] -- C:\Users\Arek\AppData\Roaming\FloodLightGames [2008.05.09 16:16:02 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2008.05.09 16:14:19 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.05.09 16:14:19 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.20 01:16:44 | 002,431,661 | ---- | M] () -- C:\Users\Arek\Desktop\SN150383.JPG [2011.05.10 19:10:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.10 19:05:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Arek\Desktop\OTL.exe [2011.05.10 19:03:05 | 166,955,472 | ---- | M] (AVG Technologies) -- C:\Users\Arek\Desktop\avg_free_x86_all_2011_1325a3589.exe [2011.05.10 18:55:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.10 18:55:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.10 18:51:08 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3383825707-3237043923-2490184305-1001UA.job [2011.05.10 18:35:13 | 119,414,180 | ---- | M] (AVG Technologies) -- C:\Users\Arek\Desktop\avg_free_x86_all_2011_1325a3589.exe.part [2011.05.10 18:30:18 | 000,000,000 | ---- | M] () -- C:\Users\Arek\AppData\Local\prvlcl.dat [2011.05.10 18:26:20 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.10 18:24:32 | 052,718,176 | ---- | M] () -- C:\Users\Arek\Desktop\avira_antivir_personal_de.exe [2011.05.10 18:20:17 | 001,215,906 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.10 18:20:17 | 000,776,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.10 18:20:17 | 000,316,540 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.10 18:20:17 | 000,277,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.10 18:13:49 | 000,103,336 | ---- | M] () -- C:\Users\Arek\AppData\Roaming\nvModes.001 [2011.05.10 18:13:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.10 18:12:21 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.05.10 18:12:07 | 3219,996,672 | -HS- | M] () -- C:\hiberfil.sys [2011.05.10 17:58:09 | 000,008,268 | ---- | M] () -- C:\Users\Arek\AppData\Local\d3d9caps.dat [2011.05.10 17:45:17 | 268,981,162 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.05.08 12:05:31 | 000,001,059 | ---- | M] () -- C:\Users\Arek\Desktop\Spybot - Search & Destroy.lnk [2011.05.08 11:56:21 | 000,178,640 | ---- | M] () -- C:\Users\Arek\Desktop\activescan2_de.exe [2011.05.08 10:16:44 | 000,001,616 | ---- | M] () -- C:\Users\Arek\AppData\Roaming\wklnhst.dat [2011.04.30 14:12:55 | 000,106,521 | ---- | M] () -- C:\Users\Arek\Desktop\Scannen0002.jpg [2011.04.30 14:02:01 | 000,104,889 | ---- | M] () -- C:\Users\Arek\Desktop\Scannen0001.jpg [2011.04.29 10:39:31 | 000,017,920 | ---- | M] () -- C:\Users\Arek\Desktop\Trennung Wohnung.wps [2011.04.29 10:39:12 | 000,017,920 | ---- | M] () -- C:\Users\Arek\Documents\Trennung Wohnung.wps [2011.04.27 10:13:29 | 000,103,336 | ---- | M] () -- C:\Users\Arek\AppData\Roaming\nvModes.dat [2011.04.25 10:05:19 | 000,297,060 | ---- | M] () -- C:\Users\Arek\Desktop\Michelle.jpg [2011.04.22 13:42:00 | 000,123,236 | ---- | M] () -- C:\Users\Arek\Desktop\Trinkverkhalten.jpg [2011.04.22 13:42:00 | 000,007,697 | ---- | M] () -- C:\Users\Arek\.recently-used.xbel [2011.04.18 22:07:53 | 000,021,237 | ---- | M] () -- C:\Users\Arek\Desktop\03749e97c4.jpeg [2011.04.18 19:37:42 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000B88.LCS [2011.04.18 18:48:52 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000017B4.LCS [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.10 18:26:20 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.10 18:22:35 | 052,718,176 | ---- | C] () -- C:\Users\Arek\Desktop\avira_antivir_personal_de.exe [2011.05.10 18:12:07 | 3219,996,672 | -HS- | C] () -- C:\hiberfil.sys [2011.05.10 17:45:17 | 268,981,162 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.05.08 12:05:31 | 000,001,059 | ---- | C] () -- C:\Users\Arek\Desktop\Spybot - Search & Destroy.lnk [2011.05.08 11:56:18 | 000,178,640 | ---- | C] () -- C:\Users\Arek\Desktop\activescan2_de.exe [2011.04.30 14:12:55 | 000,106,521 | ---- | C] () -- C:\Users\Arek\Desktop\Scannen0002.jpg [2011.04.30 14:02:01 | 000,104,889 | ---- | C] () -- C:\Users\Arek\Desktop\Scannen0001.jpg [2011.04.29 10:39:31 | 000,017,920 | ---- | C] () -- C:\Users\Arek\Desktop\Trennung Wohnung.wps [2011.04.29 10:36:55 | 000,017,920 | ---- | C] () -- C:\Users\Arek\Documents\Trennung Wohnung.wps [2011.04.25 10:05:19 | 000,297,060 | ---- | C] () -- C:\Users\Arek\Desktop\Michelle.jpg [2011.04.25 10:04:10 | 002,431,661 | ---- | C] () -- C:\Users\Arek\Desktop\SN150383.JPG [2011.04.22 13:42:00 | 000,007,697 | ---- | C] () -- C:\Users\Arek\.recently-used.xbel [2011.04.22 13:41:59 | 000,123,236 | ---- | C] () -- C:\Users\Arek\Desktop\Trinkverkhalten.jpg [2011.04.18 22:08:03 | 000,021,237 | ---- | C] () -- C:\Users\Arek\Desktop\03749e97c4.jpeg [2011.01.17 21:53:58 | 000,103,336 | ---- | C] () -- C:\Users\Arek\AppData\Roaming\nvModes.001 [2011.01.17 21:51:14 | 000,103,336 | ---- | C] () -- C:\Users\Arek\AppData\Roaming\nvModes.dat [2011.01.14 23:45:14 | 000,005,120 | ---- | C] () -- C:\Users\Arek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.28 00:50:01 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010.12.28 00:50:01 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010.12.26 21:47:09 | 000,008,268 | ---- | C] () -- C:\Users\Arek\AppData\Local\d3d9caps.dat [2010.12.26 20:38:31 | 000,000,000 | ---- | C] () -- C:\Users\Arek\AppData\Local\prvlcl.dat [2010.12.22 18:20:05 | 000,001,616 | ---- | C] () -- C:\Users\Arek\AppData\Roaming\wklnhst.dat [2010.12.22 16:43:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.22 16:43:47 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.11.13 23:16:49 | 000,000,027 | ---- | C] () -- C:\Windows\ZigarettenS.ini [2010.11.13 23:16:31 | 000,000,253 | ---- | C] () -- C:\Windows\Zigarettenschachtel-Spruch.ini [2010.11.07 10:18:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.11.07 10:18:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys [2010.05.13 11:38:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.05.08 11:20:35 | 000,023,686 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.05.08 11:14:53 | 000,078,185 | ---- | C] () -- C:\Windows\hpqins05.dat [2010.04.30 19:03:30 | 000,179,780 | ---- | C] () -- C:\Windows\hpoins29.dat [2010.04.02 18:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.02.13 12:53:03 | 000,001,515 | ---- | C] () -- C:\Windows\vtplus32.ini [2010.02.13 12:52:57 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2010.02.13 12:52:10 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini [2010.02.13 12:51:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll [2010.02.13 12:50:49 | 000,000,526 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.13 12:50:49 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.02.13 12:50:47 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll [2010.02.13 12:50:01 | 000,006,235 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.13 11:48:21 | 000,000,257 | ---- | C] () -- C:\Windows\Lexstat.ini [2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll [2008.09.17 15:46:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.10 01:53:56 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.05.10 01:53:55 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.05.09 16:16:02 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2008.05.09 16:14:20 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2008.05.09 16:14:19 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2008.05.09 16:14:19 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2008.05.09 16:13:31 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.05.09 16:13:31 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.04.04 04:59:21 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.04.04 02:30:51 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.04.04 02:30:51 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.04.04 02:30:51 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2008.04.03 18:31:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.04.03 18:30:15 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.04.03 18:04:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.04.03 17:52:51 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.03.07 17:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.03.07 14:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008.02.19 06:36:13 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat [2008.01.21 09:15:58 | 001,215,906 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,316,540 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.03.29 12:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.02.07 17:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini [2006.11.02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,312,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,776,936 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,277,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.09.13 16:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.22 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Adobe [2011.03.27 23:32:02 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Ashampoo Cover Studio 2 [2011.03.19 14:38:32 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\AutoUpdate [2011.05.10 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Avira [2010.12.22 10:06:54 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Canneverbe Limited [2011.04.18 18:56:14 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\FloodLightGames [2011.03.04 14:36:41 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Grand Ages Rome [2011.01.29 00:46:58 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\HP [2010.02.21 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Identities [2011.05.08 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Kamerzysta [2010.02.21 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Media Center Programs [2011.05.10 18:35:12 | 000,000,000 | --SD | M] -- C:\Users\Arek\AppData\Roaming\Microsoft [2010.12.22 09:39:46 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Mozilla [2011.03.03 18:07:56 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\MysteryStudio [2011.04.27 10:13:07 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\PlayFirst [2011.03.03 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\ProtectDISC [2010.12.22 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Samsung [2011.05.10 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\SoftGrid Client [2010.12.22 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Template [2011.04.18 19:25:12 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Ubisoft [2011.05.08 11:36:33 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\vlc [2010.02.21 20:59:54 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\Vodafone [2010.12.22 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\Arek\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > [2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2010.12.18 08:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C95B63DA @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:55F44B88 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8 < End of report > |
10.05.2011, 18:42 | #9 |
| Trojaner oder so etwas . Help . Sorry Da ist der 2 reportOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.05.2011 19:08:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Arek\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,29 Gb Total Space | 73,71 Gb Free Space | 51,08% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 134,34 Gb Free Space | 93,27% Space Free | Partition Type: NTFS Drive G: | 36,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: KATJA-PC | User Name: Arek | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{83C9AD52-05A3-47D7-BFA3-9C7C0EB8C515}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B9134613-5BC5-48D6-957F-BBCE9F9447D9}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0333017E-4257-4561-A8B1-91518BBFBA3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{06CCB944-A600-4820-BF29-A1E1117A519D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{1FABE9C4-98F7-41F1-8653-2DB0560715B5}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | "{2EF02783-769A-431A-9253-CA17E838D5B0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{383FFD41-287D-40BB-9927-B53D4AB001C7}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{389C2211-4BA7-47DE-8CD5-B0A57F13DF03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{3C0DB20A-D4D2-4B08-8D46-AED606E46AE3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{404953C7-0E9C-4A7F-BA98-B5CDD3E79532}" = protocol=6 | dir=in | app=c:\program files\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | "{4BADB57B-0DDE-4B8E-B4C2-1AE870E7820D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{4F848915-5BA0-4063-B502-2F4A433E108A}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | "{535560CF-1F21-4AF6-BDE1-30A185E0E3EB}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{5431F7C2-CE51-4DF6-A416-9ACAB2B144A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{56408135-58D4-4C2C-97E1-C1EC5DB26A7F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | "{5931D0AD-D9C0-4796-8F4A-10F144C052E0}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe | "{5A2F9BB5-B60A-493A-A47E-F31CE977710D}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{7C704270-D47A-4592-A31B-E5B648718EC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{856D5FAD-F3F8-444D-B9F7-6F6ED06AF1E4}" = protocol=6 | dir=in | app=c:\program files\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | "{A1C952DB-615F-4BB1-A6A4-0D594EEB10C4}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{A6DAFDA8-ABB0-4DEA-9442-AE7E7B7CF70C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{ABDEBEC4-E559-491F-84A0-CC07364A9CFF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{B501C151-4ACE-4EB1-95A9-323A87664AD3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{BC16612D-9263-4425-AC26-EE4E5A0B042C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{BE352FE0-A45F-4946-993A-47C3693D2A4D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{C4E328D2-764B-41F0-AFFE-D46AA368D1A3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe | "{CC70B40A-877A-43AC-811D-09F3A7D3D70A}" = protocol=17 | dir=in | app=c:\program files\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | "{CCDD4061-B629-4776-B1E2-0F7E70C5A0C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{CDA041B1-F8CE-4F23-9CF7-0B4C47F39413}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | "{D2EE71FE-EDF7-40FA-82B7-DEB824C201DE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{D6760355-F6C8-4F08-8CC9-2BA45A54954A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D87DBBB2-F4AE-476D-BACE-88C01EE6FEA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{D8DDD718-4009-4222-A58C-283AAFAC6003}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{DBF23798-E0B4-473B-B298-047A1EFF2709}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{DD69206F-808D-4298-B009-49E67B49ACDE}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{E510386F-B8E0-46C4-A345-B836041D8388}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{F323AAB3-7D92-409D-A682-EE53B7A22336}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F8042CE8-8566-4B9A-91C1-37B77C6D9F0D}" = protocol=17 | dir=in | app=c:\program files\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | "TCP Query User{0A29567C-1EC6-4B49-852F-02D27BEDDA9E}D:\novomatic\novomatic gaminator cf1 final\game.exe" = protocol=6 | dir=in | app=d:\novomatic\novomatic gaminator cf1 final\game.exe | "TCP Query User{15126DE4-FEDC-4522-8BC0-78A547FAAB2A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{4405DE5D-13C0-4E96-9A88-E37FB54AECF1}C:\users\katja\desktop\arek alles\spiele1\gameunp.exe" = protocol=6 | dir=in | app=c:\users\katja\desktop\arek alles\spiele1\gameunp.exe | "TCP Query User{47CE8E54-1F56-470D-9A31-145110D2EBC2}D:\novomatic gaminator cf1 final\game.exe" = protocol=6 | dir=in | app=d:\novomatic gaminator cf1 final\game.exe | "TCP Query User{C5C0385D-0006-498D-842A-5EDA161500A9}C:\program files\dsnet corp\atube catcher 1.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\yct.exe | "TCP Query User{DA68D883-EADE-47E3-805C-A9D1F10E6EBA}C:\users\katja\desktop\arek alles\spiele2\gameunp.exe" = protocol=6 | dir=in | app=c:\users\katja\desktop\arek alles\spiele2\gameunp.exe | "UDP Query User{63580044-1A72-461D-A166-4827B1CD42A1}C:\users\katja\desktop\arek alles\spiele1\gameunp.exe" = protocol=17 | dir=in | app=c:\users\katja\desktop\arek alles\spiele1\gameunp.exe | "UDP Query User{7267D61F-5DC8-4D89-B657-69AFF1499671}C:\users\katja\desktop\arek alles\spiele2\gameunp.exe" = protocol=17 | dir=in | app=c:\users\katja\desktop\arek alles\spiele2\gameunp.exe | "UDP Query User{968FE95A-A448-4E8D-AA1C-9E2F39F2DF32}D:\novomatic gaminator cf1 final\game.exe" = protocol=17 | dir=in | app=d:\novomatic gaminator cf1 final\game.exe | "UDP Query User{99BB80CD-1196-4B47-8BE5-E0EE11A6793F}C:\program files\dsnet corp\atube catcher 1.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\yct.exe | "UDP Query User{A822AA7A-FE54-4167-83BC-2EB21686B103}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{E2103355-1950-486D-A8C7-0B40A173757D}D:\novomatic\novomatic gaminator cf1 final\game.exe" = protocol=17 | dir=in | app=d:\novomatic\novomatic gaminator cf1 final\game.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400 "{4FAA9E03-B710-491F-82CB-8E9F9DA33DE6}" = Happy Farm "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software "{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE6F531A-92B0-474A-93EE-5DDA0B66F611}" = Samsung Theme Designer "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{EDCDB56B-123E-443A-B452-A371F609327D}" = ArtRage 2 Starter Edition "{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FB9A2BF4-3388-403F-ACE6-A412414329BA}" = LG SDK for Mobile Widgets "{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alarm für Cobra 11 - Das Syndikat - DEMO_is1" = Alarm für Cobra 11 - Das Syndikat - DEMO "aTube Catcher" = aTube Catcher "AutoScan8400" = AutoScan8400 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Black Mirror III - DEMO_is1" = Black Mirror III - DEMO "Civitas3" = Grand Ages Rome 1.11 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "CSINYUbisoft" = CSI NY "FastStone Photo Resizer" = FastStone Photo Resizer 2.4 "FMCODEC" = FM Screen Capture Codec (Remove Only) "Gray Matter - DEMO_is1" = Gray Matter - DEMO "GridVista" = Acer GridVista "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Radio" = Hauppauge WinTV Radio "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 10.0 "Infineon Mobile Phone Platform" = Infineon Mobile Phone Platform Software "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.8 "LG PC Suite IV" = LG PC Suite IV "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Noki_is1" = Noki v2.1 "NVIDIA Drivers" = NVIDIA Drivers "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "RocketDock_is1" = RocketDock 1.3.5 "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2 "Shop for HP Supplies" = Shop for HP Supplies "sPlan_60_Demo_is1" = sPlan 6.0 (Demo) "Sweet Home 3D_is1" = Sweet Home 3D version 2.6 "VLC media player" = VLC media player 1.0.5 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR "WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator "Zigarettenschachtel-Spruch" = Zigarettenschachtel-Spruch ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3383825707-3237043923-2490184305-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
10.05.2011, 18:46 | #10 |
/// Malware-holic | Trojaner oder so etwas . Help . bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.05.2011, 18:49 | #11 |
| Trojaner oder so etwas . Help . wie soll ich es machen ? sorry keine ahnung von sowas |
10.05.2011, 18:54 | #12 |
/// Malware-holic | Trojaner oder so etwas . Help . steht doch da, lesen musst du schon die links die ich dir gebe, dass kann ich ja wohl schlecht für dich machen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
10.05.2011, 18:56 | #13 |
| Trojaner oder so etwas . Help . Ia stimmts sorry mein fehler |
10.05.2011, 19:49 | #14 |
| Trojaner oder so etwas . Help . Windows ist abgesturzt und ich habe keine logfile soll ich es nochmal versuchen ? |
10.05.2011, 19:51 | #15 |
/// Malware-holic | Trojaner oder so etwas . Help . starte im abgesicherten modus ohne netzwer, erreicht man bei den meisten pcs bei start mit f8 dann combofix versuchen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Trojaner oder so etwas . Help . |
blauer, datei, entpacken, glaube, help, löschen, neu, nichts, problem, troja, trojana, trojaner, trojaner oder ??, vista, windows, windows vista |