Trojaner-Board - Bundespolizei-Trojaner ctfmon.lnk

Das Logfile aus Malewarebyte ist bereits im ersten Post.

OTL Logfile:

Code:

OTL logfile created on: 27.07.2012 17:59:06 - Run 1

OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\User\Desktop

Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,45 Mb Total Physical Memory | 273,44 Mb Available Physical Memory | 26,98% Memory free

2,21 Gb Paging File | 0,77 Gb Available in Paging File | 34,93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51,14 Gb Total Space | 19,13 Gb Free Space | 37,41% Space Free | Partition Type: NTFS

Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()

PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()

PRC - C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)

PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()

PRC - C:\Acer\Mobility Center\MobilityService.exe ()

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ae77b2b91367f11d340cf3bf2428af59\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()

MOD - C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()

MOD - C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll ()

MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll ()

MOD - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll ()

MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()

MOD - C:\Windows\System32\igfxTMM.dll ()

MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll ()

MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()

MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()

MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll ()

MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()

MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()

MOD - C:\Windows\System32\BatchCrypto.dll ()

MOD - C:\Windows\System32\ShowErrMsg.dll ()

MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()

MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()

MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()

MOD - C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll ()

MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()

MOD - C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll ()

MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()

MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()

MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (CLSched) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()

SRV - (CLCapSvc) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()

SRV - (CyberLink Media Library Service) -- C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)

SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)

SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)

SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()

SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {7701AE81-F4B5-4D98-B52D-020DA509DE83}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{7701AE81-F4B5-4D98-B52D-020DA509DE83}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

 

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Tour]  File not found

O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found

O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Acer Tour Reminder]  File not found

O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.137.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{216DE977-6D64-481B-AE61-971EBF9CD862}: DhcpNameServer = 192.168.137.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A077D898-9E1A-484A-A5CE-CCFDA75B3274}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.27 17:57:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2012.07.27 15:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012.07.27 15:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.07.27 15:08:00 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012.07.27 15:07:59 | 000,472,880 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012.07.27 15:07:59 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.07.27 15:07:59 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.07.27 15:07:58 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.07.27 14:52:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.07.27 14:51:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes

[2012.07.27 14:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.27 14:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.27 14:50:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.07.27 14:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.07.27 13:31:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira

[2012.07.27 13:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.07.27 13:24:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2012.07.27 13:24:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012.07.27 13:24:05 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.07.27 13:24:05 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012.07.27 13:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.07.27 13:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.27 17:57:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2012.07.27 17:20:55 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.07.27 17:20:55 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.07.27 17:20:55 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.07.27 17:20:55 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.07.27 17:14:05 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.27 17:14:05 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.27 17:02:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.27 15:07:02 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012.07.27 15:07:02 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012.07.27 15:07:01 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012.07.27 15:07:01 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012.07.27 15:07:01 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012.07.27 14:54:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2012.07.27 14:50:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.27 13:24:37 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.07.27 12:13:42 | 1063,329,792 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.26 19:01:54 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad

[2012.07.26 19:00:36 | 000,005,648 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat

[2012.07.26 16:14:34 | 000,001,716 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012.07.05 11:41:33 | 000,000,040 | ---- | M] () -- C:\ProgramData\ygymqqskjubainz

[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.27 14:50:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.27 13:24:37 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.07.26 22:52:07 | 1063,329,792 | -HS- | C] () -- C:\hiberfil.sys

[2012.07.26 16:14:34 | 000,001,716 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

[2012.07.26 16:14:33 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad

[2012.07.05 11:41:33 | 000,000,040 | ---- | C] () -- C:\ProgramData\ygymqqskjubainz

[2011.07.31 17:07:00 | 000,000,019 | ---- | C] () -- C:\Windows\BibiH.ini

[2011.01.16 22:21:22 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm

[2010.09.15 17:19:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010.09.15 17:19:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010.09.15 17:19:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010.09.15 17:19:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010.09.15 17:19:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010.09.15 17:19:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010.09.15 17:19:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010.09.15 17:19:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010.09.15 17:19:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010.09.15 17:19:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010.09.15 17:19:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010.09.15 17:19:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010.09.15 17:19:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010.09.15 17:19:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010.09.15 17:19:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010.09.15 17:19:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010.09.15 17:19:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010.09.15 17:19:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010.09.15 17:19:47 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2008.08.23 06:24:22 | 000,005,648 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

[2008.08.11 19:21:40 | 000,036,570 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2008.03.06 00:29:41 | 000,011,264 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.03.04 19:03:54 | 000,001,472 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
 

< End of report >

--- --- ---

--- --- ---OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 27.07.2012 17:59:06 - Run 1

OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\User\Desktop

Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1013,45 Mb Total Physical Memory | 273,44 Mb Available Physical Memory | 26,98% Memory free

2,21 Gb Paging File | 0,77 Gb Available in Paging File | 34,93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51,14 Gb Total Space | 19,13 Gb Free Space | 37,41% Space Free | Partition Type: NTFS

Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

 

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EA4353C-E90C-49A8-A29D-1776B8330B76}" = rport=139 | protocol=6 | dir=out | app=system | 

"{35A1C070-EFF7-49F7-94D0-DF46F5A6B574}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{5E3FED8A-1EA5-4174-83AE-6443B9395753}" = lport=445 | protocol=6 | dir=in | app=system | 

"{5F9CDA9B-23AF-4165-86D5-A1D2E2AB3810}" = lport=137 | protocol=17 | dir=in | app=system | 

"{62C79632-F9EF-4544-9EC7-E65A5126622C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{65F8D97D-012C-4295-A6CB-529B4E46CACA}" = rport=137 | protocol=17 | dir=out | app=system | 

"{7175ABAE-B98D-42DA-A112-242A79103325}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{922118D8-CE27-4F74-AABD-04AF107FE0AE}" = lport=138 | protocol=17 | dir=in | app=system | 

"{B9B2CFFC-EEE5-4201-9BA2-2AD7F89AD606}" = rport=445 | protocol=6 | dir=out | app=system | 

"{BDE05BC5-F3E0-4A2D-A6CC-78FD8A5AF837}" = rport=138 | protocol=17 | dir=out | app=system | 

"{F2031B8F-ACB2-4290-9E48-471CCF84794A}" = lport=139 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{004304D7-184B-44E8-B5C8-7D003073DDF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{08157C46-06FD-425A-87D5-FB04BB5299A3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{0A09853D-26EB-4795-A229-C57B837A9BF9}" = dir=in | app=c:\program files\acer\homemedia\homemedia.exe | 

"{1595699B-8AEA-4929-B1C9-A5167AE1D9FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{3BDEACC4-AC60-4713-91E5-42AF5E537301}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{5DDB42EA-DF56-443C-9831-CC97C4B8960F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{637F1072-BEBE-4DED-9FE2-25D9159A1C12}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{6A428BDC-A688-450B-A47D-222850C9F56A}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dms\clmsservice.exe | 

"{82F7EB0E-36D5-47A0-B1CF-D3F26A981EB7}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dmp\clbrowserengine.exe | 

"{98BFC150-751C-4756-9F97-ED53FB6F0EB9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{BAB55F3F-6FE6-4B93-B8EE-87E01DDD66E2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{CDF17F1B-ED32-4BB5-A2FF-36B9B4F80685}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{D1F7DD85-AF61-447C-B938-503473E5EE34}" = dir=in | app=c:\program files\acer\acer arcade\powercinema.exe | 

"{D465218B-2091-4342-A76C-F878FB27E844}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 

"{D5F43FB9-E3C8-4043-B9B3-ECABBC5308E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{F3FE0DF1-6969-4DA9-A516-E8ABDC2E774A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{F66DD536-9EAA-4763-B672-9F026F2B12AC}" = dir=in | app=c:\program files\acer\acer arcade\pcmservice.exe | 

"TCP Query User{883FEF0F-5F69-45BF-A640-D57463AC4F6B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

"UDP Query User{DEEE8CEA-DE42-4E34-A643-DB45E13248C4}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33

"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst

"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Avira AntiVir Desktop" = Avira Free Antivirus

"Die Wilden Fußballkerle" = Die Wilden Fußballkerle

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Scanner" = EPSON Scan

"Epson Stylus SX110_TX110 Benutzerhandbuch" = Epson Stylus SX110_TX110 Handbuch

"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall

"GridVista" = Acer GridVista

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PC-Kids Englisch 3_is1" = PC-Kids Englisch 3

"ShockwaveFlash" = Adobe Flash Player 9 ActiveX

"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker

"Yahoo! Toolbar" = Yahoo! Toolbar

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 18.11.2009 13:18:55 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 18.11.2009 13:22:23 | Computer Name = User-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 19.11.2009 06:40:00 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 19.11.2009 06:46:01 | Computer Name = User-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 21.11.2009 09:37:27 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 21.11.2009 09:42:03 | Computer Name = User-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 22.11.2009 07:39:14 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 22.11.2009 07:43:08 | Computer Name = User-PC | Source = WerSvc | ID = 5007

Description = 

 

Error - 22.11.2009 13:39:43 | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 22.11.2009 13:43:24 | Computer Name = User-PC | Source = WerSvc | ID = 5007

Description = 

 

[ System Events ]

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 26.07.2012 16:46:03 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 26.07.2012 17:15:22 | Computer Name = User-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 26.07.2012 um 23:04:13 unerwartet heruntergefahren.

 

Error - 27.07.2012 06:12:07 | Computer Name = User-PC | Source = Dhcp | ID = 1001

Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server

 für die Netzwerkkarte mit der Netzwerkadresse 001F3A013730 zugeteilt werden. Der

 folgende Fehler ist aufgetreten:   %%121. Es wird weiterhin im Hintergrund versucht,

 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

 

 

< End of report >

--- --- ---

MfG
Philipp

Ah, jetzt sollts passen:

Code:

All processes killed

========== PROCESSES ==========

========== OTL ==========

No active process named RtkBtMnt.exe was found!

Error: No service named LiveUpdate Notice Ex was found to stop!

Service\Driver key LiveUpdate Notice Ex not found.

File  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found not found.

Error: No service named CLTNetCnService was found to stop!

Service\Driver key CLTNetCnService not found.

File  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found not found.

Error: No service named NwlnkFwd was found to stop!

Service\Driver key NwlnkFwd not found.

File  system32\DRIVERS\nwlnkfwd.sys File not found not found.

Error: No service named NwlnkFlt was found to stop!

Service\Driver key NwlnkFlt not found.

File  system32\DRIVERS\nwlnkflt.sys File not found not found.

Error: No service named IpInIp was found to stop!

Service\Driver key IpInIp not found.

File  system32\DRIVERS\ipinip.sys File not found not found.

Error: No service named blbdrive was found to stop!

Service\Driver key blbdrive not found.

File  C:\Windows\system32\drivers\blbdrive.sys File not found not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7701AE81-F4B5-4D98-B52D-020DA509DE83}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7701AE81-F4B5-4D98-B52D-020DA509DE83}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.

File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.

File C:\Windows\System32\eDStoolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ALaunch not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SetPanel not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\autoexec.bat not found.

File C:\ProgramData\0tbpw.pad not found.

File C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.

File C:\ProgramData\ygymqqskjubainz not found.

========== FILES ==========

C:\Users\User\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\User\Desktop\cmd.bat deleted successfully.

C:\Users\User\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gast

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: User

->Temp folder emptied: 33169 bytes

->Temporary Internet Files folder emptied: 33300 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2048 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 0,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Gast

->Flash cache emptied: 0 bytes

 

User: Public

 

User: User

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_154942
 

Files\Folders moved on Reboot...

File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.

File\Folder C:\Windows\temp\sqlite_ePmxwbMZbJtXJzP not found!
 

PendingFileRenameOperations files...

[2006.10.22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll : MD5=C11F6A1F61481E24BE3FDC06EA6F7D2A

[2012.07.28 15:52:40 | 000,000,000 | ---- | M] () C:\Windows\temp\CLML_AGENT_LOG1.txt : Unable to obtain MD5

File C:\Windows\temp\sqlite_ePmxwbMZbJtXJzP not found!
 

Registry entries deleted on Reboot...