Rootkit.Dropper firefox.exe und diverses -Überprüfung
Hallihallo,
wahrscheinlich ist mein PC von Ungeziefer ziemlich befallen, hatte mich aber nie getraut iwas dagegen zu unternehmen, da ich wenig Ahnung habe.
Grade den Malewarebytes Anti-Maleware scannen lassen und 2 Funde: Rootkit.Dropper firefox.exe
Auslöser für meine Virensucherei ist diese Toolbar Searchqu oder so.... ich muss zugeben....ich habe ein wenig selbst herumgedoktert. Mit Hijackthis habe ich es soweit wegbekommen, allerdings erschien es noch im Autostart.
Ich poste einfach mal diverse Logs. Ich würde mich freuen, (eigentlich nicht :zzwhip:) wenn jemand etwas Verdächtiges oder unnötiges Gedönse findet, bzw. Verbesserungsvorschläge hat.. oder sowas
So genug gelabert, ich danke Euch schonmal vorab! :bussi:
LG Mari
defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:49 on 17/07/2011 (Marion)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL.txt Code:
OTL logfile created on: 17.07.2011 12:53:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marion\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,29% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 215,51 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 223,90 Gb Free Space | 76,15% Space Free | Partition Type: NTFS
Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.07.17 12:52:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe
PRC - [2011.07.11 16:07:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.25 05:03:54 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.05.01 20:50:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.04 21:52:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.14 22:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.05 22:35:26 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.05.06 15:53:34 | 000,196,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008.01.09 19:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
========== Modules (SafeList) ==========
MOD - [2011.07.17 12:52:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [Auto | Stopped] -- -- (LightScribeService)
SRV - [2011.07.11 16:07:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.05.01 20:50:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.25 19:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.10.17 11:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007.09.10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
========== Driver Services (SafeList) ==========
DRV - [2011.07.11 16:07:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.11 16:07:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.03.30 20:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009.11.05 22:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.05.11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.06 09:53:20 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.05.06 09:53:20 | 000,132,128 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.04.28 11:02:42 | 000,042,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.02.26 23:05:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.06 10:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.11.06 10:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.16 20:42:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.16 20:42:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Users\Marion\components [2011.07.08 18:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Users\Marion\plugins [2011.07.17 10:55:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Users\Marion\components [2011.07.08 18:37:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Users\Marion\plugins [2011.07.17 10:55:52 | 000,000,000 | ---D | M]
[2011.07.17 12:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Extensions
[2011.07.17 12:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\vg2a6dqa.default\extensions
[2011.01.24 20:10:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\vg2a6dqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.14 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marion\AppData\Roaming\mozilla\Firefox\Profiles\vg2a6dqa.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2010.11.06 09:57:54 | 000,000,950 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\icqplugin-1.xml
[2010.11.14 19:00:02 | 000,000,950 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\icqplugin-2.xml
[2010.10.24 20:27:31 | 000,001,056 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\icqplugin.xml
[2011.07.03 10:11:48 | 000,002,501 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Mozilla\Firefox\Profiles\vg2a6dqa.default\searchplugins\SearchResults.xml
[2011.01.16 20:42:51 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.16 20:42:52 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.11.13 11:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\USERS\MARION\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marion\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: PCMMediaSharing - hkey= - key= - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
MsConfig - StartUpReg: removeSearchqudatamngr - hkey= - key= - File not found
MsConfig - StartUpReg: removeSearchqutoolbar - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: tcactive - hkey= - key= - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.07.17 12:52:14 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe
[2011.07.17 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\backups
[2011.07.17 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\Schule ect Downloads
[2011.07.17 11:26:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.07.17 11:25:53 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011.07.17 11:25:53 | 001,723,536 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2011.07.17 11:25:53 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.07.17 11:25:53 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011.07.17 11:25:53 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011.07.17 11:25:53 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.07.17 11:25:52 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll
[2011.07.17 11:25:52 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll
[2011.07.17 11:25:52 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll
[2011.07.17 11:25:50 | 001,705,816 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2011.07.17 11:25:50 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011.07.17 11:25:50 | 000,341,848 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2011.07.17 11:25:50 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011.07.17 11:25:50 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011.07.17 11:25:50 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011.07.17 11:25:50 | 000,096,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2011.07.17 11:25:50 | 000,081,240 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2011.07.17 11:25:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011.07.17 11:25:50 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011.07.17 11:25:50 | 000,061,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2011.07.17 11:25:49 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011.07.17 11:25:49 | 001,439,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2011.07.17 11:25:49 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2011.07.17 11:25:49 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2011.07.17 11:25:49 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011.07.17 11:25:49 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011.07.17 11:25:47 | 001,558,944 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011.07.17 11:25:47 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2011.07.17 11:25:47 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2011.07.17 11:25:47 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2011.07.17 11:25:47 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2011.07.17 11:25:47 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2011.07.17 11:25:47 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2011.07.17 11:25:47 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2011.07.17 11:25:47 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2011.07.17 11:25:47 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2011.07.17 11:25:47 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2011.07.17 11:25:47 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2011.07.17 11:25:47 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2011.07.17 11:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.07.17 11:21:34 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.07.17 11:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.07.17 11:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.07.17 11:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.07.17 11:04:18 | 000,000,000 | ---D | C] -- C:\ATI
[2011.07.17 10:37:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Marion\Desktop\HiJackThis204(2).exe
[2011.07.10 19:03:43 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\gtk-2.0
[2011.07.10 19:03:02 | 000,000,000 | ---D | C] -- C:\Users\Marion\.thumbnails
[2011.07.10 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\gegl-0.0
[2011.07.10 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\.gimp-2.6
[2011.07.10 19:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.07.10 19:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2011.07.10 19:00:29 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Users\Marion\Desktop\gimp-2.6.11-i686-setup-1.exe
[2011.07.09 11:43:37 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{790643D0-D9E4-48B5-AC29-6A1D642CBA7C}
[2011.07.08 18:24:50 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\{56735254-FEA2-42F7-B4F9-7FF46D716A24}
[2011.07.04 07:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.07.03 10:13:12 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Ilivid Player
[2011.07.03 10:12:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C1D18E30-468F-478F-8837-B6CBA25F6547}
[2011.07.03 09:43:58 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\HTC DESIRE HD
[2011.07.02 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\Juli 2011
[2010.08.27 07:14:17 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL
[2010.08.27 07:09:39 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
========== Files - Modified Within 30 Days ==========
[2011.07.17 12:52:16 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.exe
[2011.07.17 12:52:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.17 12:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.17 12:50:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.17 12:50:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.17 12:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.17 12:50:29 | 3220,389,888 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.17 12:48:03 | 000,000,000 | ---- | M] () -- C:\Users\Marion\defogger_reenable
[2011.07.17 12:47:23 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.17 12:47:23 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.17 12:47:23 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.17 12:47:23 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.17 12:45:18 | 000,050,477 | ---- | M] () -- C:\Users\Marion\Desktop\Defogger.exe
[2011.07.17 12:13:10 | 000,026,610 | ---- | M] () -- C:\Users\Marion\Documents\cc_20110717_121308.reg
[2011.07.17 10:55:52 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.07.17 10:37:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Marion\Desktop\HiJackThis204(2).exe
[2011.07.15 19:20:26 | 003,678,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.11 16:07:24 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.11 16:07:24 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.10 19:03:43 | 000,000,857 | ---- | M] () -- C:\Users\Marion\.recently-used.xbel
[2011.07.10 19:01:14 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.07.10 19:00:42 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Users\Marion\Desktop\gimp-2.6.11-i686-setup-1.exe
[2011.07.01 17:50:13 | 000,004,723 | ---- | M] () -- C:\Users\Marion\updates.xml
[2011.07.01 17:50:13 | 000,000,057 | ---- | M] () -- C:\Users\Marion\active-update.xml
[2011.07.01 17:50:10 | 001,014,744 | ---- | M] () -- C:\Users\Marion\js3250.dll
[2011.07.01 17:50:10 | 000,505,816 | ---- | M] (sqlite.org) -- C:\Users\Marion\sqlite3.dll
[2011.07.01 17:50:10 | 000,000,478 | ---- | M] () -- C:\Users\Marion\softokn3.chk
[2011.07.01 17:50:10 | 000,000,478 | ---- | M] () -- C:\Users\Marion\nssdbm3.chk
[2011.07.01 17:50:10 | 000,000,478 | ---- | M] () -- C:\Users\Marion\freebl3.chk
[2011.07.01 17:50:10 | 000,000,142 | ---- | M] () -- C:\Users\Marion\platform.ini
[2011.07.01 17:50:09 | 000,002,129 | ---- | M] () -- C:\Users\Marion\application.ini
========== Files Created - No Company Name ==========
[2011.07.17 12:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Marion\defogger_reenable
[2011.07.17 12:45:17 | 000,050,477 | ---- | C] () -- C:\Users\Marion\Desktop\Defogger.exe
[2011.07.17 12:13:09 | 000,026,610 | ---- | C] () -- C:\Users\Marion\Documents\cc_20110717_121308.reg
[2011.07.17 11:25:55 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2011.07.17 10:55:52 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.07.17 10:55:52 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011.07.10 19:03:43 | 000,000,857 | ---- | C] () -- C:\Users\Marion\.recently-used.xbel
[2011.07.10 19:01:14 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.07.01 17:50:12 | 000,004,723 | ---- | C] () -- C:\Users\Marion\updates.xml
[2011.07.01 17:50:12 | 000,000,057 | ---- | C] () -- C:\Users\Marion\active-update.xml
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.20 18:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.11.26 04:15:14 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.11.14 18:07:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.26 19:58:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.10.26 19:58:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.10.25 17:46:50 | 000,001,356 | ---- | C] () -- C:\Users\Marion\AppData\Local\d3d9caps.dat
[2010.09.14 19:10:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.09.14 19:10:49 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.09.14 19:10:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.09.14 19:10:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.09.14 19:10:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.09.14 19:10:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.09.14 19:10:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.09.14 19:10:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.09.14 19:10:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.09.14 19:10:49 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.09.14 19:10:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.09.14 19:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.09.14 19:10:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.09.14 19:10:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.09.14 19:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.09.14 19:10:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.09.14 19:10:49 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.09.14 19:10:49 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.09.14 19:10:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.09.14 19:02:01 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2010.09.02 20:34:57 | 000,028,160 | ---- | C] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.27 07:20:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.27 07:14:24 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2010.08.27 07:14:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2010.08.27 07:12:55 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2010.08.27 07:12:55 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2010.08.27 07:10:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2010.08.27 07:09:39 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2010.08.26 21:19:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.21 16:05:54 | 003,099,648 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010.05.21 16:04:24 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe
[2010.05.21 16:02:28 | 145,988,142 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010.05.21 15:07:44 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2008.03.22 00:49:55 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.21 23:05:48 | 000,001,108 | ---- | C] () -- C:\Windows\generic.ini
[2008.03.21 23:05:48 | 000,000,138 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.21 16:18:28 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.21 15:19:12 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,678,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
========== LOP Check ==========
[2008.03.21 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Acer GameZone Console
[2011.01.19 10:02:09 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Auslogics
[2011.05.23 16:37:37 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.12.28 21:59:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\EPSON
[2011.01.25 19:14:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Fighters
[2010.08.27 18:47:03 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GetRightToGo
[2011.07.10 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\gtk-2.0
[2011.07.17 12:11:52 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\ICQ
[2011.01.26 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Leadertech
[2011.01.16 20:42:53 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Local
[2010.11.14 12:52:39 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\OpenOffice.org
[2011.01.24 16:47:35 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\thecleaner
[2010.08.28 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\TS3Client
[2011.02.02 18:59:31 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Uniblue
[2011.07.17 12:49:40 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2010.08.26 21:28:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.08.26 21:35:01 | 000,000,000 | ---D | M] -- C:\5f58f3e56a0a7a309775f3e2708a06bc
[2010.08.27 07:08:13 | 000,000,000 | ---D | M] -- C:\Acer
[2010.08.27 18:14:27 | 000,000,000 | ---D | M] -- C:\AcerSW
[2011.07.17 11:08:25 | 000,000,000 | ---D | M] -- C:\AMD
[2011.07.17 11:04:18 | 000,000,000 | ---D | M] -- C:\ATI
[2008.03.21 23:05:47 | 000,000,000 | ---D | M] -- C:\Book
[2010.10.30 20:04:57 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.08.26 21:23:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.08.27 07:14:22 | 000,000,000 | ---D | M] -- C:\DRV
[2008.03.21 15:36:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.17 12:10:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.17 12:09:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.08.26 21:23:39 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.17 12:54:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.26 21:27:14 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.17 12:20:52 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
[2010.05.21 16:04:24 | 000,460,088 | ---- | M] () -- C:\Program Files\setup.exe
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: REGEDIT.EXE >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-16 10:05:24
< >
< End of report >
Extras.txt Code:
OTL Extras logfile created on: 17.07.2011 12:53:21 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Marion\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,29% Memory free
6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 294,33 Gb Total Space | 215,51 Gb Free Space | 73,22% Space Free | Partition Type: NTFS
Drive D: | 294,03 Gb Total Space | 223,90 Gb Free Space | 76,15% Space Free | Partition Type: NTFS
Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\Marion\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B94945-53D4-43BD-B57D-5282F15EA5AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2DD51182-FC64-4CF5-A11E-63B410CBB201}" = lport=139 | protocol=6 | dir=in | app=system |
"{3B05027F-2664-422C-9F1D-B49CF14D346D}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F4533BC-9D2E-4BE0-8FAC-758043B44151}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8337E78B-2607-436E-929B-0154C348149B}" = lport=138 | protocol=17 | dir=in | app=system |
"{8989EA0C-2C84-4DEB-A506-4A4CC3229496}" = rport=445 | protocol=6 | dir=out | app=system |
"{8A5FF588-4141-4E3B-A259-DCDE888D12C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CDEBF96D-1425-4886-BFBA-362665C89C8A}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB5E71D4-174B-4C88-9BC6-972F5EBA2390}" = rport=139 | protocol=6 | dir=out | app=system |
"{E4A02D87-4964-49D3-B2C8-A5F9388B60D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE9CCDD5-82CA-461C-95C9-E30A4049CB62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F5B97BC0-61E7-4084-85DB-8EE35C5B9C10}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D2931-DB4D-4CCD-99C5-11DB2FC33C10}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{16CD19F5-5416-4E02-B4C8-E2154CF5FFE0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1F737DB0-A5FC-4DAA-B056-E3C3DA941552}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2D937DCC-89DF-408A-B5B0-485337D6B49C}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{3346C1E6-4F92-4D3F-B0B9-4406C8A74FFE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{35D53898-57BE-4F42-B36A-0743BE2F1468}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{44243609-A4B6-4B6E-90C7-CA3CD553AADA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{47D16413-04EB-4B22-BA9C-B4F828EAF718}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4AE2CD71-746B-490E-A268-4155D6E0EE3E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4D56D392-50C7-48E8-8CE2-A2FEC81D8D05}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{56C7AC59-B7FD-41BD-88A9-C7E531B96227}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{58BEA4DE-640F-4CB2-B799-CC58BA736C79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5A4B0AC6-94CB-4AFC-8EC7-A51E2F73DC3D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8111BAA1-A3B6-48D3-8F15-F7A714861972}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D81F770-C5C3-4649-9B8E-03A975A0B578}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{9DD883C7-01A0-49D2-81F9-4086CC10441B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A3B416BD-6980-4235-BE55-1B9529AE5EBB}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{AF5C8288-6EA0-4A05-A18E-4AFAE5C0C963}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B44AA5D3-0CFD-44BE-9577-18C84291DF01}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{BCCE2808-3651-42B2-B6C0-3FC7A8BC2D36}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{C00FD3C5-4BC7-4880-A82F-9A48F7ABA477}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{C8366C07-2131-473C-BBED-D27222D02A87}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{C9BE918B-43B1-4DF5-84A0-E1760D6C4B95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D64B9BE2-AD71-472C-9DB8-D2D6810FAB82}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{D8247DA8-A092-4F69-8CC3-7F4EA54A7FC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC96B31F-5D1B-4D34-954B-65049D1139C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{183A5A47-78DB-4578-80B8-4A048A906D9C}D:\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{2E365986-B6C4-4C1C-A500-63C98D24F63C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{2FF0C35C-59B3-4DCC-9E2E-0DAE3E70D23F}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{31D3B45B-818A-4359-A6C7-0B430A2A389B}C:\users\marion\firefox.exe" = protocol=6 | dir=in | app=c:\users\marion\firefox.exe |
"TCP Query User{4BDC0BD7-5DB4-4266-A6BF-64149C0A665C}C:\users\marion\test wow\world of warcraft public test\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\marion\test wow\world of warcraft public test\launcher.patch.exe |
"TCP Query User{5BE3C05B-BF18-4A2C-A7EB-0AE8F2E51B36}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"TCP Query User{808491E8-EDD5-4BD6-B5FB-42A9CCFE3D81}D:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{ABA58270-F577-4ED5-B130-658D9F6FDFD5}D:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"TCP Query User{AC75059C-908A-42AA-8578-15EFC0D25B28}D:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"TCP Query User{B342180F-A339-4AE9-AFE4-4132D3CF5063}D:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{BD02E061-B233-434D-B826-6CBC9430A330}D:\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{BE732AF1-B84B-4DD9-A053-B788631E3EE9}D:\games\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"TCP Query User{BEC7C282-29F4-4536-A8BB-258F09EFC142}D:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"TCP Query User{CCEB8479-0D91-4BEF-BD08-54847CAC4498}D:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{E6DD1A4B-C3E6-4095-BED1-865C8C8C81A2}D:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{EBDDFE26-0893-4367-A73D-80D5576434C3}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"TCP Query User{F1603AC7-9447-4DFC-BEB1-A1DE00A931F4}D:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{06B670F3-6387-4D77-9915-7E439BCE5152}D:\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{0FF2F826-B635-42BA-8FF1-239A0241996C}D:\games\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.patch.exe |
"UDP Query User{16140DF1-3CA5-45EA-8E5E-914FD58D9FB2}D:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{1C45EC75-F7D6-4A67-8DA8-E6CBBBB7C8F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{265E2DEF-EC14-47C1-90EA-038C316B5299}D:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7A9DF6E8-E72C-4AA3-9859-1AE0997CFE2C}D:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{A3C56611-CE2B-41CE-9469-11182B01D03C}D:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{AD8D12AE-6766-456E-97EF-E83AADB1A4E8}D:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"UDP Query User{ADECDA5A-E0A8-4802-A0B3-1BB3F0AC15F4}D:\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{B57BA662-4724-4132-B31E-B1E7B2AD4A70}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |
"UDP Query User{BC897D9A-5856-49B3-B0B6-588471D3045C}D:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |
"UDP Query User{C8F13599-FA7A-45C7-85DC-D9F3C7167E68}D:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |
"UDP Query User{CA648B48-3D38-433C-96E0-2D72ABB9301C}D:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{CCAAF495-CA0D-4DF8-9C37-397B378C4DD8}C:\users\marion\firefox.exe" = protocol=17 | dir=in | app=c:\users\marion\firefox.exe |
"UDP Query User{D11E88B5-AB08-4076-87A0-BD58E0D15B76}D:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\launcher.exe |
"UDP Query User{E3B7D727-2C43-404F-B1EE-2A2CC5B7AFF8}C:\users\marion\test wow\world of warcraft public test\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\marion\test wow\world of warcraft public test\launcher.patch.exe |
"UDP Query User{F4B43442-91B6-4096-8569-CD08FA19BB10}D:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{027B17C7-C291-6FB5-0C82-8BC157599201}" = Catalyst Control Center
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D3F755-05A0-934E-6F48-706C43927AA9}" = CCC Help English
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{363188E4-1A27-4DE6-BA48-823D2E205385}" = ArcSoft Scan-n-Stitch Deluxe
"{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}" = ArcSoft Panorama Maker 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA2B4FD-AEF2-ED4F-F5E5-0095DDA47AC7}" = Adobe Download Assistant
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{40DA94AF-34B7-4BA7-A37F-26F899C031FF}" = ArcSoft PhotoStudio Darkroom 2
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{469032A5-C6F3-CE61-67B1-F8820B747401}" = Application Profiles
"{488405CF-0BD3-D35E-13BD-4D71ADE5E401}" = ATI Problem Report Wizard
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67D7D7EB-9330-2884-6EC2-4AB32CC981B5}" = ATI AVIVO Codecs
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68CF04B1-A3B4-472D-BF4C-1B562EE2BE17}" = ArcSoft PhotoImpression 2000
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BCC0A09-6235-C2DE-4E3D-09F7793C6FB3}" = Catalyst Control Center Graphics Previews Common
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{81E04A8B-C804-4886-FA79-0AD2BE946A06}" = Catalyst Control Center InstallProxy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager
"{C1392D78-3958-03C8-E747-51DE7CEE8E03}" = Catalyst Control Center InstallProxy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D751FC11-146D-9848-6993-9A567E05B1EF}" = ccc-utility
"{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F03EC055-F34E-4F6B-A684-8A370E11A304}" = ArcSoft Print Creations
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.8c
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 15.07.2011 13:20:51 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 15.07.2011 13:21:02 | Computer Name = Marion-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.07.2011 06:00:52 | Computer Name = Marion-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.07.2011 06:01:04 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 16.07.2011 06:01:04 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.07.2011 04:51:44 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.07.2011 04:51:44 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.07.2011 04:53:58 | Computer Name = Marion-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.07.2011 04:54:08 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 17.07.2011 04:54:08 | Computer Name = Marion-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess:
DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper
Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess:
DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper
Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess:
DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper
Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: COMException trying to call ehepgdat. Prozess:
DefaultDomain Objektname: Microsoft.Ehome.Epg.Helper.EhepgdatHelper
Error - 25.10.2010 11:46:52 | Computer Name = Marion-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: Error reprocessing guide: System.Runtime.InteropServices.COMException
(0x8007043C): Die COM-Klassenfactory für die Komponente mit CLSID {4B635ECB-0887-4015-8CA6-D621362F98D1}
konnte aufgrund des folgenden Fehlers nicht abgerufen werden: 8007043c. bei Microsoft.Ehome.Epg.Helper.EhepgdatHelper.GetEhepgdat()
bei Microsoft.Ehome.Epg.Helper.EhepgdatBase.Retry(EhepgdatCall action) bei
Microsoft.Ehome.Epg.Guide.ReprocessGuideImp() Prozess: DefaultDomain Objektname:
Media Center Guide
[ System Events ]
Error - 17.07.2011 04:55:19 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 17.07.2011 04:55:19 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2011 05:21:58 | Computer Name = Marion-PC | Source = DCOM | ID = 10010
Description =
Error - 17.07.2011 05:23:52 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2011 05:27:08 | Computer Name = Marion-PC | Source = DCOM | ID = 10010
Description =
Error - 17.07.2011 05:28:57 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2011 06:19:52 | Computer Name = Marion-PC | Source = DCOM | ID = 10010
Description =
Error - 17.07.2011 06:21:06 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.07.2011 06:49:37 | Computer Name = Marion-PC | Source = DCOM | ID = 10010
Description =
Error - 17.07.2011 06:50:42 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Gmer.txt Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-17 13:36:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 WDC_WD64 rev.01.0
Running: tebx99zx.exe; Driver: C:\Users\Marion\AppData\Local\Temp\fgriypod.sys
---- System - GMER 1.0.15 ----
INT 0xA0 ? 9166BCD0
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA07000, 0x38E905, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[684] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 767EB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
---- EOF - GMER 1.0.15 ----
mbam-log Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Datenbank Version: 7173
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
17.07.2011 14:36:20
mbam-log-2011-07-17 (14-35-59).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 335731
Laufzeit: 34 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
c:\Users\Marion\firefox.exe (Rootkit.Dropper) -> 5564 -> No action taken.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Marion\firefox.exe (Rootkit.Dropper) -> No action taken.
hijackthis.log Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:22, on 17.07.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Marion\firefox.exe
C:\Users\Marion\plugin-container.exe
C:\Users\Marion\Desktop\HiJackThis204(2).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0810&m=aspire_m5641
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 9139 bytes
|
