Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Have a Trojan, can't run exe files, anti-virus programs gone, ... HELP (https://www.trojaner-board.de/76850-habe-trojaner-exe-dateien-ausfuehren-anti-viren-programme-weg-hilfe.html)

myrtille 29.08.2009 20:18

Hi,

that's a lot of malware that was on the system, and I'm not yet sure everything is gone.

Any problems with OTL and co.?

Regards, myrtille

GoingtoRule 29.08.2009 20:40

Haven't done that yet, it's coming up next.

Report from the normal scan on C:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2713
Windows 6.0.6001 Service Pack 1

29.08.2009 21:34:57
mbam-log-2009-08-29 (21-34-57).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 240503
Laufzeit: 57 minute(s), 1 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\VRT7EC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTBFE4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

GoingtoRule 29.08.2009 20:47

OTL Report No. 1

OTL Extras logfile created on: 29.08.2009 21:41:47 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Timon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 96,14% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 61,05 Gb Free Space | 42,46% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 58,18 Gb Free Space | 41,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIMON-PC
Current User Name: Timon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051F1E82-32F7-4EA7-9FFB-A15FA769EDEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{05D277C8-0779-4C26-AB63-B186C173B840}" = rport=138 | protocol=17 | dir=out | app=system |
"{08B43ED8-6415-4E87-8E1B-73547460731D}" = rport=139 | protocol=6 | dir=out | app=system |
"{2494CEBD-DD3A-4E85-8B6E-B91EA1AD47E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24E6C20A-6749-44E5-A4B0-41B06C7E7F4B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{37463E7D-4FC2-417F-ABFE-A79E6A8C229B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{561574A2-F9AB-4A8B-804A-08567418D404}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B075D28-0A56-45BA-8F20-CAC6BD77B9CB}" = lport=445 | protocol=6 | dir=in | app=system |
"{65938D66-E5FB-46A3-8CEA-2437BAF92DF9}" = rport=445 | protocol=6 | dir=out | app=system |
"{71A47D0A-349D-4A64-BCDA-7C24226D7135}" = lport=137 | protocol=17 | dir=in | app=system |
"{735162BB-A3EB-492F-9021-DA91064C1840}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F6F4D5A-15CF-466B-8BDD-DFADE4BDF579}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF67BB7C-AE53-4F44-A3A6-F889289BBF17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0DDD2CE-FEA8-4991-B0EB-42DE5449854D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1A05DB6-1781-4285-ACF3-4B8C05911118}" = rport=137 | protocol=17 | dir=out | app=system |
"{D49918B5-86AC-4EC5-9889-BE18BCABE410}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E740C6D8-3D86-466E-9E64-CBAAD7CD98C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEFB268F-A5FF-458B-8BC6-AD97A0D2A582}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B0189-F956-4AD5-8F97-6FCCB911BF93}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{06E79C14-5A84-438C-BAB7-5D4E7F05EED7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0EC6CF61-6E15-48B0-8A7C-BB247EEA0E60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F5666C4-4D9F-4457-8846-CDB5460C1B31}" = protocol=6 | dir=in | app=c:\windows\temp\vrt4634.tmp |
"{13519E0E-D69B-4211-A216-8A1C94BBD8CA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{138D5839-7684-475F-90B9-06A5FF70D796}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{17EC5777-D665-4D97-9B2C-4ED1A7B95B53}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22A21EE7-B8A0-45E4-821D-365EC26B7BCC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2CBA208B-A9BE-4904-969D-997F62441370}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{2E45B6E8-B2BA-4C9F-9AAC-E148932314C4}" = protocol=17 | dir=in | app=c:\windows\temp\vrt4634.tmp |
"{33B99231-479D-4080-8AD0-D02BB9138FC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C9D27B6-9414-4C53-A0C5-2FED0F75233B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{4A51B9F6-0D31-4FD6-9B43-0FB976D99B45}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{4B4A24FE-8FE6-4DBE-8745-520DB9FE1228}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{5F3ECD73-620C-425E-A2E8-671FBEF27E29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69D03E7C-5D78-4865-9BD6-965229DB7BF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87CE4073-3764-4329-B0E1-81A5B86E5846}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{8CF96570-C8F6-4D8B-A562-53D349C241F2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{AB0AB9A2-E8F0-4998-8630-537E2BC883B7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{AFDFB32C-1864-40F8-9569-620F2F992220}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{B1E07B95-5299-4E50-ACFB-CF971C915D4D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B6E2A118-EC4F-494F-B8CF-882F992914CC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{C0A3E0B2-64FE-4F1E-955B-7AC340139FEC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D54EEA5E-807A-4C4F-9422-F76FA412139E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EBB467CC-F343-41EA-BECD-DCDA7B306CDA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F32D8C79-A1CB-4C89-881B-DB9A9D96810D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{F42B23CC-FAFD-4966-9012-0D42584287C7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"TCP Query User{24750467-57FB-4A6C-819B-A29F52A751B2}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{3650230F-A765-4E55-A024-B76C79822FDA}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe |
"TCP Query User{3AB84CA3-7510-484C-979A-FB1D044AE99B}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{4CEA2357-2D37-48E3-94F9-B0828A90FD5A}E:\progs\shark v0.6\client.exe" = protocol=6 | dir=in | app=e:\progs\shark v0.6\client.exe |
"TCP Query User{565B0291-213C-483C-922E-A619E282BEA4}C:\program files\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\xampp\apache\bin\apache.exe |
"TCP Query User{840EA162-F985-4128-A60C-1E44E9681A13}D:\XXX\setups\dk\noob\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\timon\setups\dk\noob\mysql\bin\mysqld.exe |
"TCP Query User{84690B6E-44BB-4457-B585-4C76335604D8}C:\program files\icq51\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icq51\icqlite.exe |
"TCP Query User{A8DE2E8A-7591-4B77-9ED0-BB3B0071AD04}D:\spiele\blobby\volley.exe" = protocol=6 | dir=in | app=d:\spiele\blobby\volley.exe |
"TCP Query User{A9CB7CE9-B432-468E-B49D-EA7ECD56A3BF}D:\XXX\setups\dk\noob\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\timon\setups\dk\noob\apache\bin\apache.exe |
"TCP Query User{AD6FFD32-8781-43D5-A2B9-CF504FCCBC50}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{BAF8D852-6A58-4CAA-BC6F-1176BE1FCA2E}C:\program files\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\xampp\mysql\bin\mysqld.exe |
"TCP Query User{BDC88673-D1E7-4754-9B39-205B8F00D018}C:\program files\anno1602\1602.exe" = protocol=6 | dir=in | app=c:\program files\anno1602\1602.exe |
"TCP Query User{CBF41069-C208-451C-B29E-84D58FA7E3CD}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D3245677-2F0C-49CF-AB46-8949F26D6172}D:\fogdownloaderde-runesofmagic.exe" = protocol=6 | dir=in | app=d:\fogdownloaderde-runesofmagic.exe |
"TCP Query User{DC4AB5D7-415F-48E2-B7DE-5F35ACF352BD}C:\users\XXX\downloads\installer-13387-32de-nero-showtime-deutsch.exe" = protocol=6 | dir=in | app=c:\users\XXX\downloads\installer-13387-32de-nero-showtime-deutsch.exe |
"TCP Query User{DD237981-5ED0-49A3-A007-F5265C704883}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{F0EA4163-E0C4-494B-BDD6-1FF2400DF79C}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=6 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"TCP Query User{FAA61909-4F36-41B1-934C-8F07F0C093A3}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{0975FA33-ADC1-46D0-97F5-D157F6E72D71}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{1074FA93-84DB-47FA-B070-85260FD179F5}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{12A4CC08-378B-46DB-956B-C650B40278C4}E:\progs\shark v0.6\client.exe" = protocol=17 | dir=in | app=e:\progs\shark v0.6\client.exe |
"UDP Query User{28372D55-519D-4A29-90D5-A3F409DED2D7}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{2B01C100-44F7-44F6-998F-27D252D90BCF}C:\program files\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\xampp\mysql\bin\mysqld.exe |
"UDP Query User{3EC38B61-03AE-4DA8-9AA7-0A566860E333}C:\program files\icq51\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icq51\icqlite.exe |
"UDP Query User{443A2F76-6509-4316-839D-51687C82362F}D:\XXX\setups\dk\noob\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\timon\setups\dk\noob\apache\bin\apache.exe |
"UDP Query User{5490F8C8-C8FF-4357-B5A2-51663E823B2B}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{791B8E24-7287-4913-8D65-FDC2F77C050C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{7998D9A8-1E7C-4F47-8A93-D9F1E975BF1C}D:\spiele\blobby\volley.exe" = protocol=17 | dir=in | app=d:\spiele\blobby\volley.exe |
"UDP Query User{8F2D076C-F8D4-4E1A-92B1-C3CFEA2C31C5}D:\timon\setups\dk\noob\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\timon\setups\dk\noob\mysql\bin\mysqld.exe |
"UDP Query User{93A6DFBD-E4C1-4995-B656-A0325E0B927C}C:\program files\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\xampp\apache\bin\apache.exe |
"UDP Query User{9B788C5E-C0BA-4F7D-B65E-BF3E4E0B9613}C:\program files\anno1602\1602.exe" = protocol=17 | dir=in | app=c:\program files\anno1602\1602.exe |
"UDP Query User{A655D958-47CB-4B98-BE37-3229F3C4794C}D:\fogdownloaderde-runesofmagic.exe" = protocol=17 | dir=in | app=d:\fogdownloaderde-runesofmagic.exe |
"UDP Query User{B011867E-7790-43E7-B5FB-1279C047A5BA}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe |
"UDP Query User{E2AC93D4-CEDA-4155-9B0B-1F21FF5DF4C8}C:\users\XXX\downloads\installer-13387-32de-nero-showtime-deutsch.exe" = protocol=17 | dir=in | app=c:\users\timon\downloads\installer-13387-32de-nero-showtime-deutsch.exe |
"UDP Query User{E31CED14-873F-4C5C-A1B0-034554AEDB3A}C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe" = protocol=17 | dir=in | app=c:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe |
"UDP Query User{F4A7D782-0A58-476B-A922-4CFB34F1A9EB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

GoingtoRule 29.08.2009 20:48

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ArtMoney SE_is1" = ArtMoney SE v7.30.2
"Audacity_is1" = Audacity 1.2.6
"CABAL Online (Europe)_is1" = CABAL Online
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Deluxe Pacman_is1" = Deluxe Pacman (1.69b)
"Ghost Recon Advanced Warfighter Patch_is1" = GRAW Patch 1.35
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"GridVista" = Acer GridVista
"Hamachi" = Hamachi 1.0.1.3
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQLite" = ICQ 5.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MC-Load Preinstaller" = MC-Load Preinstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"NVIDIA Drivers" = NVIDIA Drivers
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 3" = TeamViewer 3
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.07.2009 08:19:00 | Computer Name = XXX-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Gothic3.exe, Version 1.7.25755.0, Zeitstempel
0x00002ad9, fehlerhaftes Modul Engine.dll!?GetVirtualRootPath@eCVirtualFi, Version
6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode 0xc0000139, Fehleroffset 0x00009cac,
Prozess-ID
0x15c0, Anwendungsstartzeit 01ca0eb467f2a5d0.

Error - 27.07.2009 08:19:43 | Computer Name = XXX-PC | Source = VSS | ID = 8194
Description =

Error - 27.07.2009 08:22:32 | Computer Name = XXX-PC | Source = VSS | ID = 8194
Description =

Error - 28.07.2009 08:28:26 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.07.2009 08:35:41 | Computer Name = XXX-PC | Source = Application Hang | ID = 1002
Description = Programm ICQLite.exe, Version 20.52.2573.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: fb8 Anfangszeit: 01ca0f7ee70ff789 Zeitpunkt
der Beendigung: 16

Error - 28.07.2009 09:09:22 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.07.2009 17:09:10 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.07.2009 09:34:29 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.07.2009 16:34:18 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.07.2009 12:23:18 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =


[ System Events ]
Error - 29.08.2009 14:17:50 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2009 14:19:39 | Computer Name = XXX-PC | Source = bowser | ID = 8003
Description =

Error - 29.08.2009 14:26:19 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29.08.2009 14:28:43 | Computer Name = XXX-PC | Source = HTTP | ID = 15016
Description =

Error - 29.08.2009 14:29:01 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2009 14:31:39 | Computer Name = XXX-PC | Source = bowser | ID = 8003
Description =

Error - 29.08.2009 15:36:57 | Computer Name = XXX-PC | Source = HTTP | ID = 15016
Description =

Error - 29.08.2009 15:37:16 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2009 15:37:16 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29.08.2009 15:39:24 | Computer Name = XXX-PC | Source = bowser | ID = 8003
Description =


< End of report >

GoingtoRule 29.08.2009 20:54

OTL logfile created on: 29.08.2009 21:41:47 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Timon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 96,14% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 61,05 Gb Free Space | 42,46% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 58,18 Gb Free Space | 41,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TIMON-PC
Current User Name: Timon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Users\Timon\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\wbem\WMIADAP.EXE (Microsoft Corporation)
PRC - C:\Users\Timon\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ALaunchService [Auto | Running]) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirUpgradeService [Auto | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service [Auto | Running]) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (eLockService [Auto | Running]) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eNet Service [Auto | Running]) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eRecoveryService [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService [Auto | Running]) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MobilityService [Auto | Running]) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (TeamViewer [Auto | Running]) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMIService [Auto | Running]) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atksgt [Auto | Running]) -- C:\Windows\System32\DRIVERS\atksgt.sys ()
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (DKbFltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\DKbFltr.sys (Dritek System Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (int15 [Auto | Running]) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (lirsgt [Auto | Running]) -- C:\Windows\System32\DRIVERS\lirsgt.sys ()
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NTIDrvr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nxxex [Unknown | Running]) -- Service key not found. File not found
DRV - (PSDFilter [Boot | Running]) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ [Auto | Running]) -- C:\Windows\System32\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV - (psdvdisk [Auto | Running]) -- C:\Windows\System32\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ssmdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (StillCam [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (winbondcir [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796} [Auto | Running]) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.10 22:48:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.05 22:56:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.08.05 22:56:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Thunderbird\components [2009.08.01 12:11:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Thunderbird\plugins [2009.04.14 23:25:30 | 00,000,000 | ---D | M]

[2008.11.24 02:07:23 | 00,000,000 | ---D | M] -- C:\Users\Timon\AppData\Roaming\mozilla\Extensions
[2008.11.24 02:07:23 | 00,000,000 | ---D | M] -- C:\Users\Timon\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008.11.24 02:07:23 | 00,000,000 | ---D | M] -- C:\Users\Timon\AppData\Roaming\mozilla\Firefox\Profiles\8q38yk1a.default\extensions
[2009.08.29 21:38:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.05 22:56:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.02.19 21:24:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.08.05 22:56:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.08.05 22:56:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.10.07 00:48:36 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009.08.05 22:56:51 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008.10.14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.11.27 18:15:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008.11.27 18:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008.11.27 18:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008.11.27 18:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008.11.27 18:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008.11.27 18:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008.11.27 18:15:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009.03.26 17:35:07 | 00,001,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.03.26 17:35:07 | 00,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2009.03.26 17:35:07 | 00,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2009.03.26 17:35:07 | 00,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2009.03.26 17:35:07 | 00,000,860 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ebay-de.xml
[2008.04.16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008.02.19 16:40:48 | 00,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.03.26 17:35:07 | 00,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2009.03.26 17:35:07 | 00,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2009.03.26 17:35:07 | 00,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2009.03.26 17:35:07 | 00,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2009.03.26 17:35:07 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2009.03.26 17:35:07 | 00,002,545 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webnews.xml
[2006.12.03 17:59:22 | 00,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 00,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.03.26 17:35:07 | 00,005,385 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
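
The log above already contains the entries a helper would circle first: a driver (nxxex) reported as Running with neither a service key nor a file, a service (AntiVirUpgradeService) whose binary is gone, a process (RtkBtMnt.exe) running from the user's Temp folder, and Firefox search prefs (keyword.URL, browser.search.defaulturl) pointing at yodl.de instead of the homepage's google.de. The script below is an added example for this thread, not part of OTL or of the poster's files: it parses the PRC/SRV/DRV/FF line shapes OTL uses and applies those checks. The sample lines are constructed copies in the format of the log above, and the allow-list of search hosts is an assumption for the example.

```python
"""Triage helper for OTL log entries (PRC / SRV / DRV / FF lines).

Added example for this thread; it is not part of OTL or of the original post.
It parses the entry shapes used in the log above and flags the patterns a
helper looks at first. EXPECTED_SEARCH_HOSTS is an assumption for the example.
"""
import re
from urllib.parse import urlsplit

# Constructed sample in OTL's format (same shapes as the log above).
SAMPLE_LOG = r"""
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Users\Timon\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
SRV - (AntiVirUpgradeService [Auto | Stopped]) -- File not found
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
DRV - (nxxex [Unknown | Running]) -- Service key not found. File not found
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
FF - prefs.js..keyword.URL: "http://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
""".strip()

# "PRC - <path> (<company>)" and "SRV/DRV - (<name> [<start> | <state>]) -- <path> (<company>)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- )?"
    r"(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)
# 'FF - prefs.js..<pref>: "<value>"'
FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"$')

# Firefox prefs that decide where typed searches and the home page go.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.startup.homepage"}
# Assumed allow-list: hosts the user is expected to have chosen themselves.
# Any other host in a search pref is reported so a helper can decide whether
# it was injected or is just a bundled search plugin.
EXPECTED_SEARCH_HOSTS = {"www.google.de", "www.google.com", "de.search.yahoo.com"}

TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_entry(line):
    """Return a dict for one OTL line, or None if the line is not a known shape."""
    m = ENTRY_RE.match(line)
    if m:
        d = m.groupdict()
        # PRC lines carry no service name; use the file name instead.
        d["name"] = d["name"] or d["path"].rsplit("\\", 1)[-1]
        return d
    m = FF_RE.match(line)
    if m:
        return {"kind": "FF", "name": m.group("pref"), "path": m.group("value"),
                "start": None, "state": None, "company": None}
    return None


def triage_entry(e):
    """Apply the red-flag rules to one parsed entry; returns (severity, message) tuples."""
    out = []
    path = e["path"]
    if e["kind"] in ("SRV", "DRV"):
        if "Service key not found" in path:
            out.append(("high", "running driver has no service registry key"))
        if "File not found" in path:
            # A stopped service with no file is often uninstall residue; a
            # running one with no file deserves a closer look.
            sev = "high" if e["state"] == "Running" else "medium"
            out.append((sev, "registered %s has no backing file on disk" % e["kind"]))
    if e["kind"] in ("PRC", "SRV", "DRV"):
        if TEMP_DIR_RE.search(path):
            out.append(("high", "executable is running from a Temp directory"))
        if e["company"] == "":
            out.append(("low", "file carries no company name in its version info"))
    if e["kind"] == "FF" and e["name"] in SEARCH_PREFS:
        host = urlsplit(path).hostname or ""
        if host not in EXPECTED_SEARCH_HOSTS:
            out.append(("medium", "search/home pref points to %s" % host))
    return out


def triage(log_text):
    """Parse every line of an OTL log and return the findings as a list of dicts."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line.strip())
        if e is None:
            continue
        for severity, msg in triage_entry(e):
            findings.append({"severity": severity, "kind": e["kind"],
                             "name": e["name"], "message": msg})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-6s] %s %-22s %s" % (f["severity"], f["kind"], f["name"], f["message"]))
```

Paste a whole OTL log into SAMPLE_LOG (or read it from a file) and the unknown-shape lines are skipped. The "low" finding for a missing company name is only a sorting hint: in the log above it also hits Acer, CyberLink and PunkBuster components that are perfectly normal, so it should never be treated as a verdict on its own, while a driver that is loaded without a service key or a service that is registered but has no file are the entries to ask about first.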

GoingtoRule 29.08.2009 20:55

O1 HOSTS File: (673 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ICQ Lite] C:\Program Files\ICQ51\ICQLite.exe (ICQ Ltd.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\RunOnce: [ICQ Lite] C:\Program Files\ICQ51\ICQLite.exe (ICQ Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ51\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQ51\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04f80011-10cc-11de-89d0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{9a626434-5005-11dd-a396-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a626434-5005-11dd-a396-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchBFII.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.08.29 21:40:20 | 00,535,040 | ---- | C] (OldTimer Tools) -- C:\Users\Timon\Desktop\OTL.exe
[2009.08.29 20:07:18 | 00,000,000 | ---D | C] -- C:\Users\Timon\AppData\Roaming\Malwarebytes
[2009.08.29 20:07:13 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.08.29 20:07:12 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.08.29 20:07:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.08.29 20:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.08.29 19:46:03 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity2
[2009.08.29 19:44:17 | 00,002,924 | ---- | C] () -- C:\Users\Timon\Desktop\exefix.vbs
[2009.08.25 20:29:09 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009.08.25 20:29:08 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009.08.24 22:42:19 | 00,000,000 | ---- | C] () -- C:\Windows\SC.INS
[2009.08.20 17:42:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\ageia
[2009.08.20 17:42:09 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009.08.20 01:28:43 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.20 01:28:36 | 00,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.20 01:27:39 | 00,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.20 01:27:39 | 00,000,000 | ---D | C] -- C:\Users\Timon\AppData\Local\PunkBuster
[2009.08.19 22:55:41 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2009.08.19 22:53:31 | 00,000,000 | ---D | C] -- C:\Users\Timon\Documents\Battlefield 2142
[2009.08.19 22:46:22 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009.08.13 23:51:55 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009.08.13 23:51:55 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009.08.13 23:51:55 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009.08.13 23:51:55 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009.08.13 23:51:55 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009.08.13 23:51:54 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009.08.13 23:51:54 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009.08.13 23:51:54 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009.08.12 20:05:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009.08.12 20:05:55 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009.08.12 20:05:54 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009.08.12 20:05:52 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009.08.12 20:05:46 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009.08.12 20:05:45 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009.08.12 20:05:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009.08.12 20:05:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009.08.12 20:05:44 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009.08.12 20:05:43 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.08.12 20:05:43 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009.08.12 20:05:43 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009.08.10 23:10:30 | 00,000,000 | ---D | C] -- C:\Program Files\Games-Masters.com
[2009.08.10 22:43:36 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009.08.10 22:43:35 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009.08.10 22:43:35 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009.08.10 22:43:35 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009.08.10 22:43:35 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009.08.10 22:43:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009.08.10 22:43:34 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009.08.10 22:43:32 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009.08.10 22:30:23 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009.08.10 22:30:21 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009.08.10 22:30:19 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009.08.10 22:30:03 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009.08.10 22:29:50 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009.08.01 22:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo
[2009.07.31 18:35:31 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.07.31 18:35:31 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009.07.31 18:35:30 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.07.31 18:35:29 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009.07.31 18:35:29 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009.07.31 18:35:29 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.07.31 18:35:29 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.07.31 18:35:29 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009.07.31 18:35:28 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.07.31 18:35:28 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.07.31 18:35:28 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.07.31 18:35:28 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.07.31 18:35:28 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009.07.31 18:35:28 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.07.31 18:35:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.07.24 12:56:37 | 00,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.24 12:56:37 | 00,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.05 01:08:19 | 00,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.01.05 01:08:19 | 00,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.12.27 13:21:35 | 00,000,030 | ---- | C] () -- C:\Windows\CDMKR32.INI
[2008.10.16 20:44:12 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.09.16 14:14:19 | 00,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2008.09.16 14:14:19 | 00,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2008.08.26 21:49:39 | 00,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.07.12 22:26:47 | 00,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008.07.12 22:26:20 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.07.12 13:50:00 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.07.12 13:50:00 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.12 13:33:56 | 00,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.26 01:32:43 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.25 22:59:41 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.25 16:21:39 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.25 16:20:59 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2006.11.02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 12:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.03.20 21:43:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2001.12.26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 10:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

GoingtoRule 29.08.2009 20:56

========== Files - Modified Within 30 Days ==========

[2009.08.29 21:40:22 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Timon\Desktop\OTL.exe
[2009.08.29 21:37:26 | 00,218,795 | ---- | M] () -- C:\Users\Timon\AppData\Roaming\nvModes.001
[2009.08.29 21:36:57 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.08.29 21:36:57 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.08.29 21:36:57 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2009.08.29 21:36:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.08.29 21:36:49 | 00,000,673 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.08.29 21:36:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.08.29 21:36:41 | 32,195,78880 | -HS- | M] () -- C:\hiberfil.sys
[2009.08.29 21:35:16 | 02,807,287 | -H-- | M] () -- C:\Users\Timon\AppData\Local\IconCache.db
[2009.08.29 21:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At94.job
[2009.08.29 21:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At70.job
[2009.08.29 21:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2009.08.29 20:36:42 | 01,447,804 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.08.29 20:36:42 | 00,628,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.08.29 20:36:42 | 00,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.08.29 20:36:42 | 00,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.08.29 20:36:42 | 00,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.08.29 20:17:34 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At68.job
[2009.08.29 20:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At93.job
[2009.08.29 20:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At69.job
[2009.08.29 20:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At45.job
[2009.08.29 20:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At21.job
[2009.08.29 19:44:17 | 00,002,924 | ---- | M] () -- C:\Users\Timon\Desktop\exefix.vbs
[2009.08.29 19:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At92.job
[2009.08.29 19:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2009.08.29 19:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2009.08.29 01:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At74.job
[2009.08.29 01:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At50.job
[2009.08.29 01:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2009.08.29 01:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2009.08.29 00:58:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At25.job
[2009.08.28 14:33:24 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At96.job
[2009.08.27 23:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At72.job
[2009.08.27 23:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2009.08.27 22:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2009.08.27 22:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At95.job
[2009.08.27 22:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At71.job
[2009.08.27 22:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At47.job
[2009.08.27 22:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At23.job
[2009.08.27 21:58:58 | 00,218,795 | ---- | M] () -- C:\Users\Timon\AppData\Roaming\nvModes.dat
[2009.08.24 22:42:19 | 00,000,000 | ---- | M] () -- C:\Windows\SC.INS
[2009.08.23 14:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At87.job
[2009.08.23 14:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At63.job
[2009.08.23 14:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At39.job
[2009.08.23 14:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At15.job
[2009.08.23 13:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At86.job
[2009.08.23 13:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At62.job
[2009.08.23 13:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2009.08.23 13:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2009.08.23 12:46:05 | 24,835,1297 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.08.23 00:38:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At73.job
[2009.08.23 00:33:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At1.job
[2009.08.23 00:30:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At49.job
[2009.08.22 18:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At91.job
[2009.08.22 18:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At67.job
[2009.08.22 18:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At43.job
[2009.08.22 18:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At19.job
[2009.08.22 17:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At90.job
[2009.08.22 17:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At66.job
[2009.08.22 17:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2009.08.22 17:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2009.08.22 16:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At65.job
[2009.08.22 16:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At17.job
[2009.08.22 15:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At89.job
[2009.08.22 15:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At41.job
[2009.08.21 04:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At77.job
[2009.08.21 04:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At53.job
[2009.08.21 04:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At5.job
[2009.08.21 04:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At29.job
[2009.08.21 03:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At76.job
[2009.08.21 03:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At52.job
[2009.08.21 03:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2009.08.21 03:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2009.08.21 02:51:33 | 00,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.21 02:50:53 | 00,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.21 01:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At75.job
[2009.08.21 01:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At51.job
[2009.08.21 01:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At3.job
[2009.08.21 01:59:59 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At27.job
[2009.08.20 12:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At85.job
[2009.08.20 12:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At61.job
[2009.08.20 12:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At37.job
[2009.08.20 12:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At13.job
[2009.08.20 11:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At84.job
[2009.08.20 11:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At60.job
[2009.08.20 11:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2009.08.20 11:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2009.08.20 01:27:39 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.20 01:25:15 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009.08.18 16:39:35 | 00,007,592 | ---- | M] () -- C:\Users\Timon\AppData\Local\d3d9caps.dat
[2009.08.12 15:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At88.job
[2009.08.12 15:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At64.job
[2009.08.12 15:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2009.08.12 15:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2009.08.11 16:28:44 | 00,134,144 | ---- | M] () -- C:\Users\Timon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.08.03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
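An added example, not part of the thread and not OTL's own code: a small Python parser for the OTL line format used in the listing above (`[date time | size | attributes | C/M] (company) -- path`) that groups entries so that files written in bulk, like the dozens of 354-byte AtN.job entries under C:\Windows\tasks above, stand out from the one-off driver and game files. The input is a constructed eight-line excerpt of the listing; `find_clusters`, `unsigned_system_binaries` and the three-file threshold are choices made here, not OTL features.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed excerpt of the "Files - Modified Within 30 Days" listing above
# (eight of the original lines); a full report can be pasted in unchanged.
SAMPLE = r"""
[2009.08.29 21:36:57 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2009.08.29 21:36:49 | 00,000,673 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.08.29 21:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At94.job
[2009.08.29 21:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At70.job
[2009.08.29 20:00:00 | 00,000,354 | ---- | M] () -- C:\Windows\tasks\At21.job
[2009.08.21 02:51:33 | 00,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.20 01:25:15 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009.08.03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
"""

# One OTL file line: [date time | size | attributes | C|M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


class OtlEntry(NamedTuple):
    timestamp: str
    size: int
    attrs: str      # R/H/S/D flags as printed by OTL
    kind: str       # C = created, M = modified
    company: str    # empty when the file carries no company name in its version info
    path: str


def parse_otl(text):
    """Return the file entries of an OTL listing; headers and footers are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                timestamp=f"{m['date']} {m['time']}",
                size=int(m['size'].replace(',', '')),
                attrs=m['attrs'], kind=m['kind'],
                company=m['company'], path=m['path']))
    return entries


def split_path(path):
    """(lower-cased directory, file name, lower-cased extension) of a Windows path."""
    directory, _, name = path.rpartition('\\')
    ext = name.rpartition('.')[2].lower() if '.' in name else ''
    return directory.lower(), name, ext


def find_clusters(entries, min_count=3):
    """Group entries by (directory, extension, size). Many files sharing all three were
    usually written in bulk by one program; that is a lead to follow, not a verdict."""
    groups = defaultdict(list)
    for e in entries:
        directory, _, ext = split_path(e.path)
        groups[(directory, ext, e.size)].append(e)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def unsigned_system_binaries(entries):
    """Executables and drivers under C:\\Windows whose version info names no company."""
    out = []
    for e in entries:
        directory, _, ext = split_path(e.path)
        if e.company == '' and ext in ('exe', 'dll', 'sys') \
                and directory.startswith('c:\\windows'):
            out.append(e)
    return out


if __name__ == '__main__':
    entries = parse_otl(SAMPLE)
    for (directory, ext, size), members in find_clusters(entries).items():
        print(f"{len(members)} x {size}-byte .{ext} files in {directory}")
    for e in unsigned_system_binaries(entries):
        print(f"no company name: {e.path} ({e.size} bytes, {e.kind} {e.timestamp})")
```

On the excerpt the only cluster is the AtN.job group, and the only system binary without a company name is PnkBstrK.sys; on the full listing above the job cluster grows to several dozen entries, which is the kind of thing to look at first rather than scrolling 200 lines by eye.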

GoingtoRule 29.08.2009 21:01

Another quick scan of C:

Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 6.0.6001 Service Pack 1

29.08.2009 21:46:03
mbam-log-2009-08-29 (21-46-03).txt

Scan type: Quick Scan
Objects scanned: 87296
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\VRT249F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

GoingtoRule 29.08.2009 21:13

It apparently keeps finding one in Temp.

Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 6.0.6001 Service Pack 1

29.08.2009 22:12:40
mbam-log-2009-08-29 (22-12-40).txt

Scan type: Quick Scan
Objects scanned: 87504
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\VRT18DC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
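The observation in the post above, that Malwarebytes keeps finding a fresh VRT*.tmp in C:\Windows\Temp, is worth checking mechanically across several logs rather than by memory. As an added example, not from the thread and not Malwarebytes' code, the Python block below parses the "Files Infected" section of MBAM logs (the input is a constructed excerpt of the two quick-scan logs above), collapses the random hex part of each file name and reports name templates that come back in more than one scan. `name_template` and `recurring_drops` are names chosen for this example, and the hex-run rule is an assumption about how the dropper names its files.

```python
import re
from collections import defaultdict

# Excerpts of the two quick-scan logs posted above (header, scan time and the
# "Files Infected" section; the empty sections in between are left out).
LOG_2146 = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 6.0.6001 Service Pack 1

29.08.2009 21:46:03
mbam-log-2009-08-29 (21-46-03).txt

Scan type: Quick Scan
Files Infected: 1

Files Infected:
C:\Windows\Temp\VRT249F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

LOG_2212 = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2713

29.08.2009 22:12:40
mbam-log-2009-08-29 (22-12-40).txt

Scan type: Quick Scan
Files Infected: 1

Files Infected:
C:\Windows\Temp\VRT18DC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SCAN_TIME = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}$")
# Both the English and the German section header are accepted.
FILES_SECTION = re.compile(r"^(Files Infected|Infizierte Dateien):$")
DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return the scan time and the (path, detection name, action) triples of one log."""
    scan_time, files, in_files = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if scan_time is None and SCAN_TIME.match(line):
            scan_time = line
        if FILES_SECTION.match(line):
            in_files = True
            continue
        if in_files:
            m = DETECTION.match(line)
            if m:
                files.append((m['path'], m['name'], m['action']))
            elif line == '' or line.endswith(':'):
                in_files = False   # blank line or next section header ends the list
    return {'scan_time': scan_time, 'files': files}


def name_template(path):
    """Collapse runs of hex digits so VRT249F.tmp and VRT18DC.tmp compare equal."""
    directory, _, name = path.rpartition('\\')
    return directory.lower(), re.sub(r'[0-9A-Fa-f]{2,}', '<hex>', name).lower()


def recurring_drops(logs, min_scans=2):
    """Templates quarantined in at least `min_scans` different scans. A file that comes
    back under a fresh random name after each removal means something still running
    on the box writes it; the writer, not the dropped file, is the target."""
    seen = defaultdict(list)
    for log in logs:
        for path, name, action in log['files']:
            seen[name_template(path)].append((log['scan_time'], path, name))
    return {tpl: hits for tpl, hits in seen.items()
            if len({scan for scan, _, _ in hits}) >= min_scans}


if __name__ == '__main__':
    logs = [parse_mbam_log(LOG_2146), parse_mbam_log(LOG_2212)]
    for (directory, template), hits in recurring_drops(logs).items():
        print(f"{directory}\\{template} seen in {len(hits)} scans:")
        for scan, path, name in hits:
            print(f"  {scan}  {path}  ({name})")
```

Two scans are enough to trigger the rule here; with the full-scan log from earlier in the thread added, the same template shows up three times. Once a template recurs, the useful next step is to find what writes it (running processes, services, scheduled tasks), because quarantining the dropped copy only resets the clock.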

myrtille 29.08.2009 21:33

Hi,

ComboFix
  • Download the tool here to your desktop -> CLICK
Do not start the program yet; first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autostart function of all CD / DVD and USB drives in order to contain any spread. If this causes problems, post them in the thread.

(detailed instructions -> A guide and tutorial on using ComboFix)

lg myrtille

GoingtoRule 29.08.2009 23:10

So should I download and run CCleaner before I start ComboFix?

myrtille 29.08.2009 23:20

Yes, please.

lg myrtille

GoingtoRule 29.08.2009 23:53

When I start ComboFix I get an error message saying I need a newer version and that I'm infected with a virus or something like that.

myrtille 30.08.2009 00:07

Hi,

Please upload combofix.exe to virustotal.com and post the result here.

lg myrtille

GoingtoRule 30.08.2009 00:20

Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.29 -
AhnLab-V3 5.0.0.2 2009.08.29 -
AntiVir 7.9.1.7 2009.08.28 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.29 -
Avast 4.8.1335.0 2009.08.29 -
AVG 8.5.0.406 2009.08.29 -
BitDefender 7.2 2009.08.30 -
CAT-QuickHeal 10.00 2009.08.29 -
ClamAV 0.94.1 2009.08.29 Pua.Hideexec
Comodo 2124 2009.08.30 ApplicUnsaf.Win32.Hide.~AB
DrWeb 5.0.0.12182 2009.08.30 BATCH.Virus
eSafe 7.0.17.0 2009.08.27 -
eTrust-Vet 31.6.6707 2009.08.28 -
F-Prot 4.5.1.85 2009.08.29 -
F-Secure 8.0.14470.0 2009.08.29 -
Fortinet 3.120.0.0 2009.08.29 PossibleThreat
GData 19 2009.08.30 -
Ikarus T3.1.1.68.0 2009.08.29 -
Jiangmin 11.0.800 2009.08.29 -
K7AntiVirus 7.10.831 2009.08.29 -
Kaspersky 7.0.0.125 2009.08.30 -
McAfee 5724 2009.08.29 -
McAfee+Artemis 5724 2009.08.29 -
McAfee-GW-Edition 6.8.5 2009.08.30 -
Microsoft 1.5005 2009.08.29 -
NOD32 4380 2009.08.30 -
Norman 2009.08.29 -
nProtect 2009.1.8.0 2009.08.29 -
Panda 10.0.2.2 2009.08.29 -
PCTools 4.4.2.0 2009.08.29 -
Prevx 3.0 2009.08.30 -
Rising 21.44.40.00 2009.08.28 -
Sophos 4.45.0 2009.08.29 NirCmd
Sunbelt 3.2.1858.2 2009.08.29 -
Symantec 1.4.4.12 2009.08.29 -
TheHacker 6.3.4.3.391 2009.08.29 -
TrendMicro 8.950.0.1094 2009.08.30 -
VBA32 3.12.10.10 2009.08.29 -
ViRobot 2009.8.28.1907 2009.08.28 -
VirusBuster 4.6.5.0 2009.08.29 -



Do I actually have a chance at all?
Or would it be better to put XP on it and try to track down the drivers^^ track down drivers :P
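As an added example, not from the thread and not VirusTotal's code: the flattened result table above parsed into rows, with the five labels sorted into buckets so the question "is this a malware hit or a PUA/tool label?" is answered the same way every time. The bucket rules are keyword heuristics chosen here (an assumption to tune), and the bundled-tool list relies on NirCmd being a component that ships inside ComboFix. The input is a constructed twelve-row excerpt of the table, so the ratio printed is for the excerpt, not for all 41 engines.

```python
import re

# Constructed excerpt of the VirusTotal table above: the five engines that reported
# something plus seven clean rows (one of them, Norman, has no version field).
VT_EXCERPT = """
Antivirus Version Last update Result
a-squared 4.5.0.24 2009.08.29 -
AntiVir 7.9.1.7 2009.08.28 -
ClamAV 0.94.1 2009.08.29 Pua.Hideexec
Comodo 2124 2009.08.30 ApplicUnsaf.Win32.Hide.~AB
DrWeb 5.0.0.12182 2009.08.30 BATCH.Virus
Fortinet 3.120.0.0 2009.08.29 PossibleThreat
Kaspersky 7.0.0.125 2009.08.30 -
McAfee+Artemis 5724 2009.08.29 -
Microsoft 1.5005 2009.08.29 -
Norman 2009.08.29 -
Sophos 4.45.0 2009.08.29 NirCmd
Symantec 1.4.4.12 2009.08.29 -
"""

# engine [version] date result; the version is optional because some rows lack it.
VT_ROW = re.compile(
    r"^(?P<engine>\S+)(?: (?P<version>\S+))? (?P<date>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$")

# Keyword heuristics (an assumption of this example, tune to taste): labels that mark a
# potentially unwanted application or a heuristic hit rather than a malware family.
GENERIC_MARKERS = ('pua', 'applicunsaf', 'possiblethreat', 'heur', 'generic',
                   'suspicious', 'riskware', 'not-a-virus', 'unwanted')
# Labels that look like a concrete family: a platform or type token is present.
FAMILY_TOKEN = re.compile(r"(win32|w32|win64|trojan|worm|backdoor|rootkit|ransom)")
# Tools that ship inside ComboFix (NirCmd is one); an engine naming the tool is
# flagging a bundled component, not an infection of the download.
BUNDLED_TOOLS = ('nircmd',)


def parse_vt_table(text):
    """Rows of the flattened table as dicts; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = VT_ROW.match(line.strip())
        if not m:
            continue
        result = m['result'].strip()
        rows.append({'engine': m['engine'], 'version': m['version'],
                     'updated': m['date'],
                     'result': None if result == '-' else result})
    return rows


def classify(label):
    l = label.lower()
    if any(t in l for t in BUNDLED_TOOLS):
        return 'bundled_tool'
    if any(g in l for g in GENERIC_MARKERS):
        return 'generic_or_pua'
    if FAMILY_TOKEN.search(l):
        return 'family'
    return 'generic_or_pua'


def triage(rows):
    """Detection count, ratio and per-bucket labels. A few PUA/tool labels on a cleaning
    tool are expected; a family label from a major engine would not be."""
    hits = [r for r in rows if r['result']]
    buckets = {'bundled_tool': [], 'generic_or_pua': [], 'family': []}
    for r in hits:
        buckets[classify(r['result'])].append((r['engine'], r['result']))
    return {'engines': len(rows), 'detections': len(hits),
            'ratio': round(len(hits) / len(rows), 3) if rows else 0.0,
            'buckets': buckets,
            'only_generic': bool(hits) and not buckets['family']}


if __name__ == '__main__':
    summary = triage(parse_vt_table(VT_EXCERPT))
    print(f"{summary['detections']}/{summary['engines']} engines flagged the file")
    for bucket, labels in summary['buckets'].items():
        for engine, label in labels:
            print(f"  {bucket:15} {engine:10} {label}")
```

On this table every hit lands in the PUA or bundled-tool bucket and none names a family, which is the usual picture for ComboFix. What the table cannot tell you is whether the copy on the desktop is the one the download site serves; when a tool refuses to start, a fresh download compared by hash with the copy that failed answers that question, and the VirusTotal labels do not.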


Copyright ©2000-2025, Trojaner-Board

