Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.05.2012, 21:07   #1
Steini
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



Hallo.
Mein Rechner hat mir im Ordner AppData\Roaming eine Datei gemeldet, die anscheinend der Trojaner Spy.Gen sein soll. AntiVir hat probiert die Datei zu löschen, aber das hat nicht funktioniert. Nach einer kleinen Internetrecherche habe ich dann erstmal den Komplettscan von Malwarebytes laufen lassen. Der hat 8 Funde gehabt und konnte die anscheinend nach einem Neustart auch alle löschen. Zumindest hat der Quickscan nach dem Neustart keine Funde mehr gehabt. Ich habe probiert, mich an die Regeln zu halten, aber leider konnte ich diesen dds-Download nicht machen. Vielleicht weil ich gerade im Hochschulnetz unterwegs bin. Den Defogger habe ich laufen lassen. Einen Neustart wollte er nicht haben.
Die genauen Angaben von AntiVir kann ich leider nicht angeben, da ich nicht weiß, wo ich sie jetzt hernehmen soll. Nach dem durch Malwarebytes verordneten Neustart zeigt es den Fund nicht mehr an. Dafür aber zwei neue, die aber anscheinend behoben werden konnten. Zumindest wurden sie je nur einmal angezeigt und nicht immer wieder wie der Spy.Gen. Die Namen und den Fundort hab ich mir aber leider nicht gemerkt gerade eben. Ich versuche mal die Log-Dateien von Malwarebytes anzuhängen und hoffe, dass mir geholfen werden kann. Vielleicht ist der Rechner ja auch schon wieder sauber, aber hier steht ja überall, dass der Rechner nicht unbedingt sauber sein muss, wenn nichts mehr gefunden wird.
Bitte sagt mir was fehlt, wenn was fehlt, um mir zu helfen.
Viele Grüße und Danke im Voraus, Steini

---Log-Datei direkt nach dem Scan---
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

11.05.2012 18:33:25
mbam-log-2012-05-11 (20-20-37).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372925
Laufzeit: 1 Stunde(n), 43 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\casinoaction.exe (PUP.Casino.Gen) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)


---Log-Datei nachdem ich einen Haken an alle Funde gemacht habe und dann den Entfernen-Button geklickt habe---
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

11.05.2012 18:33:25
mbam-log-2012-05-11 (18-33-25).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372925
Laufzeit: 1 Stunde(n), 43 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\casinoaction.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)


---Log-Datei nach dem Quickscan nach Neustart---
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Aktiviert

11.05.2012 20:35:02
mbam-log-2012-05-11 (20-35-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206246
Laufzeit: 10 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 11.05.2012, 23:23   #2
kira
/// Helfer-Team
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner - Installer herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira
__________________

__________________

Alt 12.05.2012, 16:40   #3
Steini
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.05.2012 16:19:18 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\acer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,65% Memory free
7,71 Gb Paging File | 5,91 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,49 Gb Free Space | 25,97% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\acer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla\Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla\Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla\Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla\Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla\Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys (ITETech                  )
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV - (NinjaUSB) -- C:\Windows\SysWOW64\drivers\NinjaUSB.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.hotmail.com"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.04.15 19:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2011.05.08 12:15:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.05.10 13:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\acer\AppData\Roaming\11023 [2012.05.11 18:57:55 | 000,000,000 | ---D | M]
 
[2010.12.20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2010.12.20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.03 14:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions
[2010.07.16 14:05:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.29 22:23:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.16 00:43:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.10 09:09:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com
[2010.08.03 14:55:19 | 000,002,361 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6lqgvnj2.default\searchplugins\ecosia.xml
[2012.05.07 18:52:59 | 000,008,130 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6lqgvnj2.default\searchplugins\moviepilot.xml
[2012.05.03 14:02:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe -m File not found
O4 - HKLM..\Run: [StartCCC] C:\ATI\Update\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.173.245.9 131.173.245.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149947A4-F016-49BC-A41C-3B369D5D0067}: DhcpNameServer = 131.173.245.9 131.173.245.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DC895A-DA8A-4E4D-9E93-81090B43754A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\Shell - "" = AutoRun
O33 - MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{dba2c640-8110-11de-ba0f-00163689a870}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{fc191942-093d-11df-a274-00163689a870}\Shell\AutoRun\command - "" = w9hw8.exe
O33 - MountPoints2\{fc191942-093d-11df-a274-00163689a870}\Shell\open\Command - "" = w9hw8.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.12 16:17:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2012.05.11 18:57:55 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\11023
[2012.05.11 18:24:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Malwarebytes
[2012.05.11 18:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.11 18:24:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 18:17:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.10 11:36:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012.05.10 11:36:32 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 11:36:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.10 11:36:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.10 11:36:31 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.10 11:36:31 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.10 11:36:12 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.08 17:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.08 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.05.08 17:33:25 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\11022
[2012.05.05 17:35:31 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\UAs
[2012.05.04 14:34:18 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\11021
[2012.05.02 07:56:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.02 07:56:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.02 07:56:08 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.02 07:56:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.02 07:56:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.02 07:56:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.02 07:56:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.02 07:56:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.05.02 07:56:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.02 07:56:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.02 07:56:03 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.01 20:37:45 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.01 19:43:42 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.01 19:43:21 | 000,772,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2012.05.01 19:43:21 | 000,419,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2012.05.01 19:43:21 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl100.dll
[2012.05.01 19:43:21 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcm100u.dll
[2012.05.01 19:43:20 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc100u.dll
[2012.04.29 12:24:55 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\11019
[2012.04.16 11:38:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\11013
[2012.04.16 11:37:55 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\xmldm
[2012.04.16 11:37:54 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\kock
[2012.04.16 03:09:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.04.16 03:09:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.04.16 03:09:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.04.16 03:09:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.04.16 03:09:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.04.16 03:09:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.04.16 03:09:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.04.16 03:09:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.16 03:09:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.04.16 03:09:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.04.16 03:09:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.04.16 03:09:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.04.16 03:09:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.04.16 03:09:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.04.16 03:09:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.04.16 03:09:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.16 03:09:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.04.16 03:09:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.04.16 03:09:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.04.16 03:09:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.04.16 03:09:24 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.04.16 03:09:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.04.16 03:09:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.04.16 03:09:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.16 03:09:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012.04.16 03:09:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.04.16 03:09:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.04.16 03:09:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.16 03:09:18 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.04.16 03:09:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.04.16 03:09:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.04.16 03:09:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.04.16 03:09:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.04.16 03:09:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.16 03:09:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012.04.16 03:09:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.04.16 03:09:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.04.16 03:09:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.04.16 03:09:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.16 03:09:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.04.16 03:09:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.04.16 03:09:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.04.16 03:09:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.04.16 03:09:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.04.16 03:09:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.04.16 03:09:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.04.16 03:09:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.04.16 03:09:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.16 03:09:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.04.16 03:09:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.04.16 03:09:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.04.16 03:09:14 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.04.16 03:09:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.04.16 03:09:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.04.16 03:09:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.04.16 03:09:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.04.16 03:09:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.04.16 03:09:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.16 03:09:13 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.16 03:09:13 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.04.16 03:09:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.04.16 03:09:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.04.16 03:09:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.04.16 03:06:46 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012.04.16 03:06:45 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012.04.16 03:06:45 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012.04.16 03:06:45 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012.04.16 03:06:44 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.04.16 03:06:44 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.04.16 03:06:44 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.04.16 03:06:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012.04.16 03:06:44 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012.04.16 03:06:43 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012.04.16 03:06:43 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012.04.16 03:06:43 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012.04.16 03:06:42 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012.04.16 03:06:36 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.04.16 03:06:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.04.16 03:06:32 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.04.16 03:06:31 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012.04.16 03:06:31 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012.04.16 03:06:30 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012.04.16 03:06:30 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012.04.16 03:06:30 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012.04.16 03:06:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.04.16 03:06:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012.04.16 03:06:29 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012.04.16 03:06:29 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012.04.16 03:06:29 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012.04.16 03:06:29 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.04.16 03:06:27 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012.04.16 03:06:27 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.04.16 03:06:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.04.16 03:06:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012.04.13 09:42:50 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.13 09:42:50 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.13 09:42:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]
[1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 16:19:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 16:17:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2012.05.12 16:16:12 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 16:16:12 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 16:06:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.12 16:06:01 | 000,406,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.12 16:05:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.11 21:56:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.11 20:36:29 | 000,000,000 | ---- | M] () -- C:\Users\acer\defogger_reenable
[2012.05.11 19:44:59 | 000,050,477 | ---- | M] () -- C:\Users\acer\Desktop\Defogger.exe
[2012.05.11 18:57:49 | 000,007,360 | ---- | M] () -- C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll
[2012.05.11 18:57:48 | 000,218,592 | ---- | M] () -- C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll
[2012.05.11 18:05:10 | 000,000,016 | ---- | M] () -- C:\Users\acer\AppData\Roaming\blckdom.res
[2012.05.10 14:50:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.05.05 15:09:37 | 000,000,680 | ---- | M] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
[2012.05.03 14:21:10 | 000,000,668 | ---- | M] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk
[2012.05.01 21:49:49 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.01 21:49:49 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.01 21:49:49 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.01 21:49:49 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.01 21:49:49 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012.04.16 03:09:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.04.16 03:09:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.04.16 03:09:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.04.16 03:09:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.04.16 03:09:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.04.16 03:09:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.04.16 03:09:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.04.16 03:09:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.16 03:09:29 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.04.16 03:09:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.04.16 03:09:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.04.16 03:09:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.04.16 03:09:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.04.16 03:09:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.16 03:09:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.04.16 03:09:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.04.16 03:09:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.16 03:09:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.04.16 03:09:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.04.16 03:09:25 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.04.16 03:09:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.04.16 03:09:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.04.16 03:09:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.04.16 03:09:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.04.16 03:09:24 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.16 03:09:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012.04.16 03:09:24 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.04.16 03:09:24 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.04.16 03:09:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.16 03:09:18 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.04.16 03:09:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.04.16 03:09:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.04.16 03:09:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.04.16 03:09:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.04.16 03:09:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.04.16 03:09:17 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.16 03:09:17 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012.04.16 03:09:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.04.16 03:09:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.04.16 03:09:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.16 03:09:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.04.16 03:09:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.04.16 03:09:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.04.16 03:09:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.04.16 03:09:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.04.16 03:09:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.04.16 03:09:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.04.16 03:09:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.04.16 03:09:15 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.16 03:09:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.04.16 03:09:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.04.16 03:09:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.04.16 03:09:14 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.04.16 03:09:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.04.16 03:09:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.04.16 03:09:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.04.16 03:09:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.04.16 03:09:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.04.16 03:09:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.04.16 03:09:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.16 03:09:13 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.16 03:09:13 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.04.16 03:09:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.04.16 03:09:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.04.16 03:09:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.04.16 03:06:46 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012.04.16 03:06:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012.04.16 03:06:45 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012.04.16 03:06:45 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012.04.16 03:06:44 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.04.16 03:06:44 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.04.16 03:06:44 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.04.16 03:06:44 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012.04.16 03:06:44 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012.04.16 03:06:43 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012.04.16 03:06:43 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012.04.16 03:06:43 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012.04.16 03:06:42 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012.04.16 03:06:36 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.04.16 03:06:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.04.16 03:06:32 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.04.16 03:06:31 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012.04.16 03:06:31 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012.04.16 03:06:30 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012.04.16 03:06:30 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012.04.16 03:06:30 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012.04.16 03:06:30 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.04.16 03:06:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012.04.16 03:06:29 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012.04.16 03:06:29 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012.04.16 03:06:29 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012.04.16 03:06:29 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.04.16 03:06:27 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012.04.16 03:06:27 | 001,653,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.04.16 03:06:27 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.04.16 03:06:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]
[1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.11 20:36:29 | 000,000,000 | ---- | C] () -- C:\Users\acer\defogger_reenable
[2012.05.11 19:44:58 | 000,050,477 | ---- | C] () -- C:\Users\acer\Desktop\Defogger.exe
[2012.05.11 18:57:49 | 000,007,360 | ---- | C] () -- C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll
[2012.05.11 18:57:48 | 000,218,592 | ---- | C] () -- C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll
[2012.05.03 14:21:10 | 000,000,668 | ---- | C] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk
[2012.04.16 11:38:03 | 000,000,016 | ---- | C] () -- C:\Users\acer\AppData\Roaming\blckdom.res
[2012.04.16 03:09:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.16 03:09:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.07.23 00:00:29 | 000,000,157 | ---- | C] () -- C:\Users\acer\AppData\Local\svc2dll.dat
[2010.10.11 15:17:03 | 000,001,490 | ---- | C] () -- C:\Users\acer\AppData\Local\RecConfig.xml
[2010.07.14 22:24:16 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.05.2012 16:19:18 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\acer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,65% Memory free
7,71 Gb Paging File | 5,91 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 60,49 Gb Free Space | 25,97% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 6A 45 96 C7 D7 E9 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0367972A-A65B-4881-AA28-9EDC069912DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{087B8FE2-7311-4BEB-AF0C-524FF1A46BC3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0E958350-E963-4F88-83E7-0D40B069A753}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1065F5E4-FA1F-41F7-BC46-62489EADEB43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1103CDFE-340E-4B04-8B9D-FF73CAB71EF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{12C3DFD2-0CCC-4578-BC87-CB53A9A70376}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1BE4D439-C335-46BA-90CD-001C1E853A83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F13C911-0825-41D4-AB92-D6803415CA5A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{211DD3B1-2FB3-4C81-95EE-5ED5843C2E97}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{23D51A42-3087-4749-AC79-AD9568D5DAE4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{26D3E49D-17BB-40A9-88AF-05E68788107A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29A6A1E1-242C-4297-B30C-4F216A86B99B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3841F094-016F-4C57-B820-469E22E395B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F986C0C-18A5-4C55-B97D-3B1F9EA6CCA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4F0DB38F-58D5-498E-845D-974A3C8956DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CD9C156-13A1-40F8-A47E-98839629D251}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65A261CE-8829-44A5-8883-3B40CAE971C3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6D46504E-1CF1-4B10-9DD2-4E0FD336C0F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C384D40-5A07-4741-A04A-CB187039EF18}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ADD0EB09-AFE8-4E0C-ACC9-0991AD1EFCB4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B0FD0234-E7CF-47FE-8C9D-3EB17E0E88DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CEE2329E-FED4-4596-BC6C-460B474E7FAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9E40563-7FAB-44F7-BA9A-AEA99F35D388}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DEC07AC9-C66E-4515-A38F-72527DED8CE4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E4821BAA-5FE4-467D-8FF4-CB8A2FF54933}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F0731AB7-C349-4EB9-9C46-1DF578A88057}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{191325D0-44BE-438C-AA78-5A0654026C0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CD918CC-4E73-42BC-9B47-CFF84EE6A51A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EF07557-7EF0-4E39-A4E8-7CF99C0F247E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{205625EC-E620-40E9-B174-27D447181F26}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2C467438-9209-48CA-98EC-FE2B1DB998F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EF14FC6-40F1-4F6A-9174-6D75A071A6C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{631A91B2-28F3-4175-B877-F3B9A6C78220}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{650A51D9-ABAC-44E2-98C0-FE0D2702BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6D6BDD67-821B-4149-93B9-F8D0F3A85B69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{837966C1-997D-4CA9-8AD7-4618511D728D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{871833A3-641A-41CC-BEAF-27DAAD719F95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A3728FB-C768-4F02-B961-22155279D501}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B99D4C6-B5CB-484B-B502-2E29F92E9A69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D90A929-E530-40D8-8210-CB49B3DAEFA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F889015-0A29-4928-869B-308FF2FF2033}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{94774BE6-6DD9-4798-9A1A-B626A35B5617}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{95C53F17-C83A-4419-8827-DAEAB33346FD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{9C326B71-50C7-4672-900A-C39E5E3E3331}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat | 
"{A0EC8EAF-4CA0-430D-A001-E08636AF8B39}" = protocol=6 | dir=out | app=system | 
"{A4608754-6906-494C-A03D-247014461D13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8123C92-18EB-4E7C-9E7D-CF67388E38D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B06CB572-4ED7-4B7C-859A-C9FCB0AEC629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B0BE8C01-B63E-4D34-9991-42F9C8FF70FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B9FFCCA9-4396-4D3C-9CD5-EF5B8B2D2A84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DA7647EF-B7A0-4E67-84C1-892425B0FF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{DBFDFAF3-09CC-45DA-9B51-6A8313DDC256}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA2AA23-D2B4-4C16-8945-C888E2574FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7C5729F-3FE8-4506-B97C-831E949DB5F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0BDBCA74-E9B3-4E2C-9F10-73BF835ED5F6}C:\users\acer\appdata\local\svc2dll.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | 
"TCP Query User{35A5C973-0B7B-4AAF-A865-130C32BD1C33}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"TCP Query User{3B0844EB-C79E-4687-82DB-F7089F7F8F81}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{4066F300-7E2D-46E2-A7EC-CA563336FE00}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"TCP Query User{662F7447-984B-481C-ABE3-9E5C701E63CE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{8FDAD9FC-0CA3-401A-96DD-3EB0D53849C2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{92F530D4-69D3-4808-B834-3CEE09196915}C:\users\acer\appdata\local\svc2dll.exe" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | 
"TCP Query User{CC37F4F8-8D81-4F34-BEB7-4EAE050F29AB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D0DCE4DF-DBBF-43A5-827B-44B103E1C7CC}C:\program files (x86)\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare\bearshare.exe | 
"TCP Query User{F028F91B-4F20-47D5-A598-A21CABE4E856}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"UDP Query User{12D7DDB4-BE7E-4399-9E37-0E583EDB2249}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{2E46EB0E-6D92-47F8-8C7F-A4766EC0A811}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{375839FF-83D6-4EA8-97E1-6D2A4A9C8883}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{47AD530C-5E3B-4C45-B2FB-033454FD5FA7}C:\program files (x86)\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare\bearshare.exe | 
"UDP Query User{61A8D2B4-7D0A-4B00-B66F-C52EE1356175}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"UDP Query User{660E7F48-D95E-40F9-ABBA-1FBB40E7F52A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{6E3E09AD-7FB1-49F5-BCFD-9419C82BD2F8}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"UDP Query User{84CDE5AE-C145-4374-8AAE-36F74CF3D5C1}C:\users\acer\appdata\local\svc2dll.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | 
"UDP Query User{CC52662B-B256-4578-AB4B-2A075F0A995E}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
"UDP Query User{D5CE957F-DE5E-4D3F-B58C-0B204EEAD221}C:\users\acer\appdata\local\svc2dll.exe" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\svc2dll.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5840FB7C-D53A-C906-4051-536F6621F3C6}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A116AC61-8223-C019-9F66-2FEBA27A9ABE}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"doPDF 7 printer_is1" = doPDF 7.1 printer
"FinePrint" = FinePrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX
"{08A1400E-E040-1C31-2E90-49ADACDCE8FF}" = Catalyst Control Center Graphics Light
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter Mobile
"{18F04681-FCB2-602E-DB5E-302F65268FBE}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212BB5C2-A702-6A1B-A964-C672D94B467D}" = Catalyst Control Center InstallProxy
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 30
"{3060F83F-3A04-DCD1-3BC4-35EC73164AF1}" = CCC Help English
"{3D3AFDE9-A3F1-4F1C-434A-9BC75604CE9D}" = Catalyst Control Center Graphics Full Existing
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{662E830F-830E-1644-9469-607CA1814F4F}" = Catalyst Control Center Core Implementation
"{6804F085-58B9-8E92-CB0F-769F730F0185}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CDA6D95-78B3-B62C-4E25-2E24883749E1}" = Catalyst Control Center Graphics Previews Vista
"{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D48818BC-744E-A732-BA1B-59043861F445}" = Catalyst Control Center Graphics Full New
"{D6987225-AECA-91BC-FA4B-9A2D812BF9D3}" = Catalyst Control Center HydraVision Full
"{DD9E3191-A37E-8A0D-D5A6-5D3C5A8AACBF}" = Skins
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.10.423
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.10.423
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.3.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Google Updater" = Google Updater
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"PoiZone" = PoiZone
"RealAlt_is1" = Real Alternative 2.0.2
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"YTdetect" = Yahoo! Detect
"Zattoo4" = Zattoo4 4.0.4
 
========== Last 10 Event Log Errors ==========
 
[ OSession Events ]
Error - 20.05.2009 06:31:18 | Computer Name = acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2009 17:46:38 | Computer Name = acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.05.2012 12:16:05 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.05.2012 12:16:05 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.05.2012 12:20:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.05.2012 12:20:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.05.2012 12:21:29 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.05.2012 12:21:29 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.05.2012 12:23:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.05.2012 12:23:43 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.05.2012 12:23:44 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.05.2012 12:23:44 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Code:
ATTFilter
7-Zip 4.65		27.04.2010	3,13MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	18.11.2011	2,96MB	10.3.181.26
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	10.10.2011		11.0.1.152
Adobe Reader 9 - Deutsch	Adobe Systems Incorporated	22.02.2009	232MB	9.0.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	22.02.2010		11.5.6.606
ATI Catalyst Install Manager	ATI Technologies, Inc.	19.05.2009	18,2MB	3.0.715.0
Avira AntiVir Personal - Free Antivirus	Avira GmbH	02.04.2012	132,1MB	10.2.0.707
CCleaner	Piriform	11.05.2012	8,97MB	3.18
CDBurnerXP	CDBurnerXP	26.04.2010	12,1MB	4.3.1.2101
DivX Codec	DivX, Inc.	23.04.2011	1,31MB	6.8.5
DivX Converter	DivX, Inc.	16.11.2010	37,1MB	7.0.0
DivX Converter Mobile	DivX, Inc.	19.11.2010	43,4MB	1.0.0
DivX Player	DivX, Inc.	23.04.2011	8,41MB	7.2.0
DivX Plus DirectShow Filters	DivX, Inc.	23.04.2011	1,22MB	
DivX Web Player	DivX,Inc.	23.04.2011	2,53MB	1.5.0
DivX-Setup	DivX, LLC	23.04.2011	2,13MB	2.5.0.8
doPDF 7.1 printer	Softland	14.08.2010	4,94MB	
FinePrint		03.01.2011		
FL Studio 9	Image-Line	10.03.2010	416MB	
Free Mp3 Wma Converter V 1.9	Koyote Soft	19.02.2010	5,20MB	1.9.0.0
Free MP4 Video Converter version 5.0.10.423	DVDVideoSoft Ltd.	30.04.2012	14,5MB	5.0.10.423
Free Video to MP3 Converter version 5.0.10.423	DVDVideoSoft Ltd.	30.04.2012	14,5MB	5.0.10.423
Free YouTube Download version 3.0.16.923	DVDVideoSoft Ltd.	28.09.2011	5,04MB	
Free YouTube to DVD Converter version 3.0.3.923	DVDVideoSoft Ltd.	28.09.2011	5,14MB	
Free YouTube to MP3 Converter version 3.11.20.423	DVDVideoSoft Ltd.	30.04.2012	3,38MB	3.11.20.423
Gigaflat	Bitrockers Inc.	19.02.2010	74,1MB	
Google Earth	Google	05.12.2011	92,8MB	6.1.0.5001
Google Updater	Google Inc.	10.05.2010	3,60MB	2.4.1739.5352
Hardcore	Image-Line	10.03.2010	7,34MB	
IL Download Manager	Image-Line	10.03.2010	4,27MB	
Java(TM) 6 Update 30	Sun Microsystems, Inc.	15.04.2009	94,5MB	6.0.300
LG USB Modem Drivers	LG Electronics	05.01.2011	1,02MB	4.9.4
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	10.05.2012	11,7MB	1.61.0.1400
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	02.05.2010	42,1MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	13.05.2009	32,4MB	
Microsoft Office Enterprise 2007	Microsoft Corporation	09.04.2012	1,11MB	12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	10.05.2012	7,95MB	14.0.5130.5003
Microsoft Office Live Add-in 1.5	Microsoft Corporation	07.05.2012	0,49MB	2.0.4024.1
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	30.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	08.12.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	19.05.2009	0,68MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	22.05.2011	0,56MB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	25.08.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	23.05.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.08.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	28.11.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	22.06.2011	0,58MB	9.0.30729.6161
Mozilla Firefox 11.0 (x86 de)	Mozilla	14.04.2012	41,4MB	11.0
Mozilla Thunderbird 12.0.1 (x86 de)	Mozilla	09.05.2012	39,7MB	12.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	08.03.2010	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	08.03.2010	1,34MB	4.20.9876.0
Opera 11.01	Opera Software ASA	26.01.2011	28,1MB	11.01
PoiZone	Image-Line	10.03.2010	10,1MB	
QuickTime	Apple Inc.	19.12.2010	73,7MB	7.69.80.9
Real Alternative 2.0.2		07.06.2010	21,8MB	2.0.2
Sawer	Image-Line	10.03.2010	8,77MB	
Skype™ 4.0	Skype Technologies S.A.	06.03.2009	32,0MB	4.0.206
Toxic Biohazard	Image-Line	10.03.2010	10,6MB	
Uninstall 1.0.0.1		05.08.2010	30,8MB	
VLC media player 0.9.8a	VideoLAN Team	22.02.2009	60,9MB	0.9.8a
WinZip 14.0	WinZip Computing, S.L. 	10.03.2010	17,7MB	14.0.8708
Zattoo4 4.0.4	Zattoo Inc.	07.03.2010	40,2MB	4.0.4
         
Danke!
__________________

Alt 12.05.2012, 21:11   #4
kira
/// Helfer-Team
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



Systemreinigung und Prüfung:

1.
Windows Defender abschalten:
Neben 1 AV-Scanner und 1 Firewall garnix erst nötig und nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> Starttyp "Deaktiviert" auswählen

2.
war schon mal installiert...:
Code:
ATTFilter
Bearshare
         
die Nutzung der von Filesharing (Filesharing (deutsch "Dateifreigabe" oder "gemeinsamer Dateizugriff", wörtlich "Dateien teilen") )- Plattformen ...
Zitat:
Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!
Selbst wenn du glaubst, dass Du ein „sicheres“ P2P Programm verwendest, nicht mal das Programm selbst sicher, da Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!
Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen!

3.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2011.05.10 09:09:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\Shell - "" = AutoRun
O33 - MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O33 - MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\Shell\AutoRun\command - "" = G:\
O33 - MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{dba2c640-8110-11de-ba0f-00163689a870}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{fc191942-093d-11df-a274-00163689a870}\Shell\AutoRun\command - "" = w9hw8.exe
O33 - MountPoints2\{fc191942-093d-11df-a274-00163689a870}\Shell\open\Command - "" = w9hw8.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
[2012.05.12 16:19:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 16:06:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{35A5C973-0B7B-4AAF-A865-130C32BD1C33}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" =-
"TCP Query User{D0DCE4DF-DBBF-43A5-827B-44B103E1C7CC}C:\program files (x86)\bearshare\bearshare.exe" =-
"UDP Query User{2E46EB0E-6D92-47F8-8C7F-A4766EC0A811}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe" =-
"UDP Query User{47AD530C-5E3B-4C45-B2FB-033454FD5FA7}C:\program files (x86)\bearshare\bearshare.exe" =-

:Files
C:\Users\acer\AppData\Roaming\11023
C:\Users\acer\AppData\Roaming\11022
C:\Users\acer\AppData\Roaming\UAs
C:\Users\acer\AppData\Roaming\11021
C:\Users\acer\AppData\Roaming\11019
C:\Users\acer\AppData\Roaming\11019
C:\Users\acer\AppData\Roaming\11013
C:\Users\acer\AppData\Roaming\xmldm
C:\Users\acer\AppData\Roaming\kock
C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll
C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

4.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 32 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

5.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

6.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

8.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

9.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

10.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

11.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 15.05.2012, 10:28   #5
Steini
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



1.OTL Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\engine@conduit.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cfb0a4-f0fb-11df-8a48-00163689a870}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{774739f5-ecc5-11de-9f29-00163689a870}\ not found.
File G:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{774739f5-ecc5-11de-9f29-00163689a870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{774739f5-ecc5-11de-9f29-00163689a870}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba2c640-8110-11de-ba0f-00163689a870}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba2c640-8110-11de-ba0f-00163689a870}\ not found.
File WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc191942-093d-11df-a274-00163689a870}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc191942-093d-11df-a274-00163689a870}\ not found.
File w9hw8.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc191942-093d-11df-a274-00163689a870}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc191942-093d-11df-a274-00163689a870}\ not found.
File w9hw8.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\USBAutoRun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35A5C973-0B7B-4AAF-A865-130C32BD1C33}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D0DCE4DF-DBBF-43A5-827B-44B103E1C7CC}C:\program files (x86)\bearshare\bearshare.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2E46EB0E-6D92-47F8-8C7F-A4766EC0A811}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{47AD530C-5E3B-4C45-B2FB-033454FD5FA7}C:\program files (x86)\bearshare\bearshare.exe not found.
========== FILES ==========
C:\Users\acer\AppData\Roaming\11023\components folder moved successfully.
C:\Users\acer\AppData\Roaming\11023 folder moved successfully.
C:\Users\acer\AppData\Roaming\11022\components folder moved successfully.
C:\Users\acer\AppData\Roaming\11022 folder moved successfully.
C:\Users\acer\AppData\Roaming\UAs folder moved successfully.
C:\Users\acer\AppData\Roaming\11021\components folder moved successfully.
C:\Users\acer\AppData\Roaming\11021 folder moved successfully.
C:\Users\acer\AppData\Roaming\11019\components folder moved successfully.
C:\Users\acer\AppData\Roaming\11019 folder moved successfully.
File\Folder C:\Users\acer\AppData\Roaming\11019 not found.
C:\Users\acer\AppData\Roaming\11013\components folder moved successfully.
C:\Users\acer\AppData\Roaming\11013 folder moved successfully.
C:\Users\acer\AppData\Roaming\xmldm folder moved successfully.
C:\Users\acer\AppData\Roaming\kock folder moved successfully.
C:\Users\acer\AppData\Roaming\BAcroIEHelpe120.dll moved successfully.
File\Folder C:\Users\acer\AppData\Roaming\AcroIEHelpe120.dll not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\acer\Desktop\cmd.bat deleted successfully.
C:\Users\acer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: acer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1491078 bytes
->Java cache emptied: 72928166 bytes
->FireFox cache emptied: 54504009 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1882322 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 73586508 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 195,00 mb
 
 
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_153052

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
SuperAntiSpyware Log:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/14/2012 at 06:30 PM

Application Version : 5.0.1148

Core Rules Database Version : 8590
Trace Rules Database Version: 6402

Scan type       : Complete Scan
Total Scan Time : 01:56:56

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 623
Memory threats detected   : 0
Registry items scanned    : 64588
Registry threats detected : 0
File items scanned        : 57453
File threats detected     : 3

Adware.Tracking Cookie
	.olympiaverlag.122.2o7.net [ C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\COOKIES.SQLITE ]
	track.webtrekk.de [ C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Krpytik
	C:\USERS\ACER\VIDEOS\GIGAFLAT\COMMAND AND CONQUER - ALARMSTUFE ROT 3 DER AUFSTAND\EXTRACTED\KEYGEN.EXE
         
ESET Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a2e35c8d7533b345b2a970efc0ba44a2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 10:29:26
# local_time=2012-05-15 12:29:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 266555 111923850 24472 0
# compatibility_mode=5892 16776574 100 56 63233457 174551192 0 0
# compatibility_mode=8192 67108863 100 0 473 473 0 0
# scanned=174910
# found=2
# cleaned=2
# scan_time=7280
C:\Users\acer\Downloads\Setup19_FreeConverter.exe	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
C:\_OTL\MovedFiles\05142012_153052\C_Users\acer\AppData\Roaming\BAcroIEHelpe120.dll	a variant of Win32/Spy.Banker.XSL trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
OTL-Logs:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.05.2012 09:36:37 - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\acer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,42% Memory free
7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 67,01 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.12 16:17:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
PRC - [2012.04.15 19:51:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.01 23:24:57 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 21:21:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.30 22:53:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.15 19:51:56 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla\Firefox\mozjs.dll
MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009.02.25 23:34:02 | 000,949,760 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008.01.21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.01 23:24:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 21:21:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011.07.01 23:24:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.01 23:24:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.07.14 22:20:18 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.09.05 14:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.04.11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.02.26 01:00:20 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009.02.26 01:00:20 | 005,265,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.01.21 04:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 04:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 04:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2006.09.18 23:27:33 | 000,055,640 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys -- (RTL8023x64)
DRV - [2010.02.08 14:01:11 | 000,024,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\NinjaUSB.sys -- (NinjaUSB)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ecosia"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.hotmail.com"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla\Firefox\components [2012.04.15 19:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Firefox\plugins [2012.05.14 16:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla\Thunderbird\components [2012.05.10 13:59:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\acer\AppData\Roaming\11023
 
[2010.12.20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2010.12.20 21:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.14 15:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions
[2010.07.16 14:05:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.29 22:23:06 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.16 00:43:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\6lqgvnj2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.03 14:55:19 | 000,002,361 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6lqgvnj2.default\searchplugins\ecosia.xml
[2012.05.07 18:52:59 | 000,008,130 | ---- | M] () -- C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6lqgvnj2.default\searchplugins\moviepilot.xml
[2012.05.03 14:02:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ACER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6LQGVNJ2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\ATI\Update\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Program Files\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{149947A4-F016-49BC-A41C-3B369D5D0067}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DC895A-DA8A-4E4D-9E93-81090B43754A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.14 16:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.05.14 16:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.14 16:20:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.14 16:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.14 16:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.14 16:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.14 16:18:36 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.05.14 16:18:36 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:18:18 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:18:18 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.05.14 15:30:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.12 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.12 16:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 16:35:43 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\acer\Desktop\ccsetup318.exe
[2012.05.12 16:17:17 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2012.05.11 18:24:26 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Roaming\Malwarebytes
[2012.05.11 18:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.11 18:24:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.10 11:36:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012.05.10 11:36:32 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 11:36:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.10 11:36:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.10 11:36:31 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.10 11:36:31 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.10 11:36:12 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.08 17:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.08 17:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.05.02 07:56:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.02 07:56:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.02 07:56:08 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.02 07:56:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.02 07:56:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.02 07:56:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.02 07:56:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.02 07:56:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.05.02 07:56:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.02 07:56:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.02 07:56:03 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.01 20:37:45 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.01 19:43:42 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.01 19:43:21 | 000,772,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2012.05.01 19:43:21 | 000,419,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2012.05.01 19:43:21 | 000,136,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl100.dll
[2012.05.01 19:43:21 | 000,080,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcm100u.dll
[2012.05.01 19:43:20 | 004,421,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc100u.dll
[2012.04.16 03:09:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.04.16 03:09:30 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.04.16 03:09:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.04.16 03:09:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.04.16 03:09:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.04.16 03:09:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.04.16 03:09:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.04.16 03:09:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.16 03:09:29 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.04.16 03:09:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.04.16 03:09:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.04.16 03:09:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.04.16 03:09:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.04.16 03:09:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.04.16 03:09:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.04.16 03:09:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.16 03:09:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.04.16 03:09:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.04.16 03:09:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.04.16 03:09:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.04.16 03:09:24 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.04.16 03:09:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.04.16 03:09:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.04.16 03:09:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.16 03:09:24 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012.04.16 03:09:24 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.04.16 03:09:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.04.16 03:09:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.16 03:09:18 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.04.16 03:09:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.04.16 03:09:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.04.16 03:09:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.04.16 03:09:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.04.16 03:09:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.16 03:09:17 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012.04.16 03:09:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.04.16 03:09:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.04.16 03:09:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.04.16 03:09:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.16 03:09:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.04.16 03:09:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.04.16 03:09:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.04.16 03:09:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.04.16 03:09:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.04.16 03:09:15 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.04.16 03:09:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.04.16 03:09:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.04.16 03:09:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.16 03:09:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.04.16 03:09:15 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.04.16 03:09:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.04.16 03:09:14 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.04.16 03:09:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.04.16 03:09:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.04.16 03:09:14 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.04.16 03:09:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.04.16 03:09:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.04.16 03:09:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.16 03:09:13 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.16 03:09:13 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.04.16 03:09:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.04.16 03:09:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.04.16 03:09:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.04.16 03:06:46 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012.04.16 03:06:45 | 001,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012.04.16 03:06:45 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012.04.16 03:06:45 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012.04.16 03:06:44 | 003,548,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.04.16 03:06:44 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.04.16 03:06:44 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.04.16 03:06:44 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012.04.16 03:06:44 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012.04.16 03:06:43 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012.04.16 03:06:43 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012.04.16 03:06:43 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012.04.16 03:06:42 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012.04.16 03:06:36 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.04.16 03:06:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.04.16 03:06:32 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.04.16 03:06:31 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012.04.16 03:06:31 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012.04.16 03:06:30 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012.04.16 03:06:30 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012.04.16 03:06:30 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012.04.16 03:06:30 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.04.16 03:06:30 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012.04.16 03:06:29 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012.04.16 03:06:29 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012.04.16 03:06:29 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012.04.16 03:06:29 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.04.16 03:06:27 | 003,068,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012.04.16 03:06:27 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.04.16 03:06:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.04.16 03:06:27 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ]
[1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.15 09:36:11 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 09:36:11 | 000,005,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 09:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.14 18:43:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.14 16:22:05 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.14 16:21:11 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.14 16:17:50 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:17:50 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:17:50 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:17:49 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.05.14 16:17:49 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.14 15:29:37 | 000,330,634 | ---- | M] () -- C:\Users\acer\Desktop\cc_20120514_152843.reg
[2012.05.14 14:50:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.05.12 16:35:49 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\acer\Desktop\ccsetup318.exe
[2012.05.12 16:17:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2012.05.12 16:06:01 | 000,406,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 20:36:29 | 000,000,000 | ---- | M] () -- C:\Users\acer\defogger_reenable
[2012.05.11 19:44:59 | 000,050,477 | ---- | M] () -- C:\Users\acer\Desktop\Defogger.exe
[2012.05.11 18:05:10 | 000,000,016 | ---- | M] () -- C:\Users\acer\AppData\Roaming\blckdom.res
[2012.05.05 15:09:37 | 000,000,680 | ---- | M] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
[2012.05.03 14:21:10 | 000,000,668 | ---- | M] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk
[2012.05.01 21:49:49 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.01 21:49:49 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.01 21:49:49 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.01 21:49:49 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.01 21:49:49 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.18 13:49:50 | 000,405,176 | ---- | M] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012.04.16 03:09:52 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012.04.16 03:09:52 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012.04.16 03:09:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.04.16 03:09:30 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.04.16 03:09:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.04.16 03:09:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.04.16 03:09:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.04.16 03:09:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.04.16 03:09:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.04.16 03:09:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.04.16 03:09:29 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.04.16 03:09:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.04.16 03:09:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.04.16 03:09:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.04.16 03:09:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.04.16 03:09:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.16 03:09:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.04.16 03:09:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.04.16 03:09:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.04.16 03:09:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.04.16 03:09:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.04.16 03:09:25 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.04.16 03:09:25 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.04.16 03:09:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.04.16 03:09:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.04.16 03:09:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.04.16 03:09:24 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.04.16 03:09:24 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2012.04.16 03:09:24 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.04.16 03:09:24 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.04.16 03:09:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.04.16 03:09:18 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.04.16 03:09:18 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.04.16 03:09:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.04.16 03:09:18 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.04.16 03:09:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.04.16 03:09:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.04.16 03:09:17 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.04.16 03:09:17 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2012.04.16 03:09:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.04.16 03:09:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.04.16 03:09:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.04.16 03:09:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.04.16 03:09:16 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.04.16 03:09:16 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.04.16 03:09:16 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.04.16 03:09:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.04.16 03:09:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.04.16 03:09:15 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.04.16 03:09:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.04.16 03:09:15 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.04.16 03:09:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.04.16 03:09:15 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.04.16 03:09:15 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.04.16 03:09:14 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.04.16 03:09:14 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.04.16 03:09:14 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.04.16 03:09:14 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.04.16 03:09:14 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.04.16 03:09:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.04.16 03:09:14 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.04.16 03:09:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.04.16 03:09:13 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.04.16 03:09:13 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.04.16 03:09:12 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.04.16 03:09:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.04.16 03:09:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.04.16 03:06:46 | 001,257,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFH264Dec.dll
[2012.04.16 03:06:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFH264Dec.dll
[2012.04.16 03:06:45 | 000,428,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4src.dll
[2012.04.16 03:06:45 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFHEAACdec.dll
[2012.04.16 03:06:45 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4src.dll
[2012.04.16 03:06:44 | 003,548,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012.04.16 03:06:44 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012.04.16 03:06:44 | 000,345,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.04.16 03:06:44 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012.04.16 03:06:44 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2012.04.16 03:06:44 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2012.04.16 03:06:43 | 001,204,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2012.04.16 03:06:43 | 000,278,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012.04.16 03:06:43 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012.04.16 03:06:42 | 000,748,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2012.04.16 03:06:36 | 000,479,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.04.16 03:06:36 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012.04.16 03:06:32 | 000,566,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.04.16 03:06:31 | 001,268,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2012.04.16 03:06:31 | 000,287,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2012.04.16 03:06:30 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2012.04.16 03:06:30 | 000,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012.04.16 03:06:30 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2012.04.16 03:06:30 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012.04.16 03:06:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2012.04.16 03:06:29 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsservices.dll
[2012.04.16 03:06:29 | 001,461,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2012.04.16 03:06:29 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2012.04.16 03:06:29 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.04.16 03:06:27 | 003,068,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xpsservices.dll
[2012.04.16 03:06:27 | 001,653,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.04.16 03:06:27 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.04.16 03:06:27 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[1 C:\Users\acer\AppData\Roaming\*.tmp files -> C:\Users\acer\AppData\Roaming\*.tmp -> ]
[1 C:\Users\acer\AppData\Local\*.tmp files -> C:\Users\acer\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.14 16:22:05 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.14 16:22:04 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.05.14 16:21:11 | 000,001,716 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.14 15:29:05 | 000,330,634 | ---- | C] () -- C:\Users\acer\Desktop\cc_20120514_152843.reg
[2012.05.11 20:36:29 | 000,000,000 | ---- | C] () -- C:\Users\acer\defogger_reenable
[2012.05.11 19:44:58 | 000,050,477 | ---- | C] () -- C:\Users\acer\Desktop\Defogger.exe
[2012.05.03 14:21:10 | 000,000,668 | ---- | C] () -- C:\Users\acer\Desktop\Diplomarbeit.lnk
[2012.04.16 11:38:03 | 000,000,016 | ---- | C] () -- C:\Users\acer\AppData\Roaming\blckdom.res
[2012.04.16 03:09:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.04.16 03:09:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.07.23 00:00:29 | 000,000,157 | ---- | C] () -- C:\Users\acer\AppData\Local\svc2dll.dat
[2010.10.11 15:17:03 | 000,001,490 | ---- | C] () -- C:\Users\acer\AppData\Local\RecConfig.xml
[2010.07.14 22:24:16 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
 
========== LOP Check ==========
 
[2010.09.11 00:30:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\avidemux
[2010.04.27 10:09:50 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Canneverbe Limited
[2012.05.01 20:38:02 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoft
[2012.05.01 20:37:55 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.02.20 17:29:42 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\FreeAudioPack
[2010.02.20 17:32:41 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\FreeCDRipper
[2009.02.26 23:32:46 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ICQ
[2010.11.21 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\LG Electronics
[2010.03.08 05:32:51 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\MAGIX
[2010.05.11 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Opera
[2010.10.18 22:30:20 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\ScummVM
[2010.08.15 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Softland
[2011.11.19 02:18:52 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Sony
[2010.11.09 23:21:13 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\SuperEasy Software
[2010.12.20 21:40:21 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Thunderbird
[2009.12.14 18:31:29 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WordToPDF
[2012.05.14 18:43:34 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.05.2012 09:36:37 - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\acer\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,42% Memory free
7,73 Gb Paging File | 5,91 Gb Available in Paging File | 76,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 67,01 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 6A 45 96 C7 D7 E9 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0367972A-A65B-4881-AA28-9EDC069912DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{087B8FE2-7311-4BEB-AF0C-524FF1A46BC3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0E958350-E963-4F88-83E7-0D40B069A753}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1065F5E4-FA1F-41F7-BC46-62489EADEB43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1103CDFE-340E-4B04-8B9D-FF73CAB71EF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{12C3DFD2-0CCC-4578-BC87-CB53A9A70376}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1BE4D439-C335-46BA-90CD-001C1E853A83}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F13C911-0825-41D4-AB92-D6803415CA5A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{211DD3B1-2FB3-4C81-95EE-5ED5843C2E97}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{23D51A42-3087-4749-AC79-AD9568D5DAE4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{26D3E49D-17BB-40A9-88AF-05E68788107A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29A6A1E1-242C-4297-B30C-4F216A86B99B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3841F094-016F-4C57-B820-469E22E395B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F986C0C-18A5-4C55-B97D-3B1F9EA6CCA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4F0DB38F-58D5-498E-845D-974A3C8956DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5CD9C156-13A1-40F8-A47E-98839629D251}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65A261CE-8829-44A5-8883-3B40CAE971C3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6D46504E-1CF1-4B10-9DD2-4E0FD336C0F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C384D40-5A07-4741-A04A-CB187039EF18}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ADD0EB09-AFE8-4E0C-ACC9-0991AD1EFCB4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B0FD0234-E7CF-47FE-8C9D-3EB17E0E88DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CEE2329E-FED4-4596-BC6C-460B474E7FAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9E40563-7FAB-44F7-BA9A-AEA99F35D388}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DEC07AC9-C66E-4515-A38F-72527DED8CE4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E4821BAA-5FE4-467D-8FF4-CB8A2FF54933}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F0731AB7-C349-4EB9-9C46-1DF578A88057}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{191325D0-44BE-438C-AA78-5A0654026C0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CD918CC-4E73-42BC-9B47-CFF84EE6A51A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EF07557-7EF0-4E39-A4E8-7CF99C0F247E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{205625EC-E620-40E9-B174-27D447181F26}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2C467438-9209-48CA-98EC-FE2B1DB998F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3EF14FC6-40F1-4F6A-9174-6D75A071A6C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{631A91B2-28F3-4175-B877-F3B9A6C78220}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{650A51D9-ABAC-44E2-98C0-FE0D2702BC7B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6D6BDD67-821B-4149-93B9-F8D0F3A85B69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{837966C1-997D-4CA9-8AD7-4618511D728D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{871833A3-641A-41CC-BEAF-27DAAD719F95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A3728FB-C768-4F02-B961-22155279D501}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B99D4C6-B5CB-484B-B502-2E29F92E9A69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D90A929-E530-40D8-8210-CB49B3DAEFA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F889015-0A29-4928-869B-308FF2FF2033}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{94774BE6-6DD9-4798-9A1A-B626A35B5617}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A0EC8EAF-4CA0-430D-A001-E08636AF8B39}" = protocol=6 | dir=out | app=system | 
"{A4608754-6906-494C-A03D-247014461D13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8123C92-18EB-4E7C-9E7D-CF67388E38D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B06CB572-4ED7-4B7C-859A-C9FCB0AEC629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B0BE8C01-B63E-4D34-9991-42F9C8FF70FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{B9FFCCA9-4396-4D3C-9CD5-EF5B8B2D2A84}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DA7647EF-B7A0-4E67-84C1-892425B0FF6B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{DBFDFAF3-09CC-45DA-9B51-6A8313DDC256}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA2AA23-D2B4-4C16-8945-C888E2574FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7C5729F-3FE8-4506-B97C-831E949DB5F2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{4066F300-7E2D-46E2-A7EC-CA563336FE00}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"TCP Query User{8FDAD9FC-0CA3-401A-96DD-3EB0D53849C2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{F028F91B-4F20-47D5-A598-A21CABE4E856}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"UDP Query User{375839FF-83D6-4EA8-97E1-6D2A4A9C8883}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{61A8D2B4-7D0A-4B00-B66F-C52EE1356175}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
"UDP Query User{6E3E09AD-7FB1-49F5-BCFD-9419C82BD2F8}C:\program files (x86)\mozilla\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla\firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5840FB7C-D53A-C906-4051-536F6621F3C6}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A116AC61-8223-C019-9F66-2FEBA27A9ABE}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"CCleaner" = CCleaner
"doPDF 7 printer_is1" = doPDF 7.1 printer
"FinePrint" = FinePrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX
"{08A1400E-E040-1C31-2E90-49ADACDCE8FF}" = Catalyst Control Center Graphics Light
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter Mobile
"{18F04681-FCB2-602E-DB5E-302F65268FBE}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212BB5C2-A702-6A1B-A964-C672D94B467D}" = Catalyst Control Center InstallProxy
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3060F83F-3A04-DCD1-3BC4-35EC73164AF1}" = CCC Help English
"{3D3AFDE9-A3F1-4F1C-434A-9BC75604CE9D}" = Catalyst Control Center Graphics Full Existing
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{662E830F-830E-1644-9469-607CA1814F4F}" = Catalyst Control Center Core Implementation
"{6804F085-58B9-8E92-CB0F-769F730F0185}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CDA6D95-78B3-B62C-4E25-2E24883749E1}" = Catalyst Control Center Graphics Previews Vista
"{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D48818BC-744E-A732-BA1B-59043861F445}" = Catalyst Control Center Graphics Full New
"{D6987225-AECA-91BC-FA4B-9A2D812BF9D3}" = Catalyst Control Center HydraVision Full
"{DD9E3191-A37E-8A0D-D5A6-5D3C5A8AACBF}" = Skins
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.10.423
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.10.423
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.3.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Google Updater" = Google Updater
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"PoiZone" = PoiZone
"RealAlt_is1" = Real Alternative 2.0.2
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"YTdetect" = Yahoo! Detect
"Zattoo4" = Zattoo4 4.0.4
 
========== Last 10 Event Log Errors ==========
 
[ OSession Events ]
Error - 20.05.2009 06:31:18 | Computer Name = acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.05.2009 17:46:38 | Computer Name = acer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.05.2012 07:37:04 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 14.05.2012 07:39:15 | Computer Name = acer-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.05.2012 07:39:16 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.05.2012 07:39:16 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.05.2012 07:41:51 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.05.2012 07:41:55 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.05.2012 10:21:29 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.05.2012 10:21:29 | Computer Name = acer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.05.2012 10:21:31 | Computer Name = acer-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 14.05.2012 12:34:16 | Computer Name = acer-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 131.173.192.147 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF709A06 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         
--- --- ---


Hallo.
Den eigentlichen Trojaner hat mein AntiVir nicht mehr gefunden, aber noch 1 oder 2 mal etwas anderes. Das waren auch anscheinend auch Trojaner. Der Rechner läuft ansonsten ohne Probleme.
Vielen Dank für die bisherige Hilfe, Steini


Alt 15.05.2012, 10:57   #6
kira
/// Helfer-Team
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



ohje...ohje:
- Das Installieren von Raubkopien ist eine ziemlich sichere Methode, ein Rechner zu infizieren
- Ich beführte dass Du Dein Problem nur lösen kannst, wenn du dein System neu installierst, da geht`s um:
Zitat:
C:\USERS\ACER\VIDEOS\GIGAFLAT\COMMAND AND CONQUER - ALARMSTUFE ROT 3 DER AUFSTAND\EXTRACTED\KEYGEN.EXE
"Solche Programme" enthalten immer besonders viele und gefährliche Schadprogramme, sollte man die Finger davon lassen!
** Du solltest in so einem Fall mal dein Konsummuster überdenken
Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Support an dieser Stelle von unsere Seite aus beendet. Also am besten ist es, Du Sicherst deiner Daten (ohne cracks & Keygens!) und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung!
Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...
-> Forumregel!

Zitat:
Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.
__________________
--> AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen

Alt 15.05.2012, 13:58   #7
Steini
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



Alles klar, wusste nicht mehr dass das noch auf dem Rechner ist(Das hört ihr wahrscheinlich häufiger). Ich danke auf jeden Fall für die Hilfe. Kann das Verhalten vom Trojaner-Board oder dir im Speziellen gut verstehen. Werd mal schauen, ob ich das Neuinstallieren hinkriege.
Nochmals vielen Dank, Steini

Alt 16.05.2012, 08:38   #8
kira
/// Helfer-Team
 
AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Standard

AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen



Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

Lesestoff Nr.1:
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler[/b[
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept
  • Entwicklung schädlicher Websites/viruslist.com
  • Brennpunkt: Bilder und Töne
    Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen
administrator, anti-malware, antivir, appdata, autostart, browser, datei, dateisystem, explorer, gelöscht, helper, heuristiks/extra, heuristiks/shuriken, löschen, malwarebytes, microsoft, namen, neue, neustart, nicht mehr, ordner, rechner, scan, software, spy.gen, spy.gen., trojaner, unbedingt, vista



Ähnliche Themen: AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen


  1. Win 7: Antivir lässt sich nicht mehr öffnen und ich habe "One-Klick-Fishing"-Versuche auf Videos z.B. Facebook
    Log-Analyse und Auswertung - 04.11.2015 (33)
  2. Windows 7 32-Bit: Antivir stellt Trojaner "TR/Sirefef.AB.78" fest. Lässt sich nicht löschen
    Log-Analyse und Auswertung - 04.06.2015 (23)
  3. Laptop ruckelt nur noch, Iminent lässt sich nicht löschen und Radio schaltet sich alleine an und aus und lässt sich ebenfalls nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (3)
  4. Internetstartseite hat sich geändert in "Quick Start" und lässt sich nicht ändern
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (9)
  5. Windows7: Datei "dwm.exe" im Ordner "iswizard05" lässt sich nicht löschen
    Log-Analyse und Auswertung - 20.02.2014 (19)
  6. Emsisoft fund Application.Win32.InstallAd (A) und lässt sich nicht quarantäne schieben oder löschen
    Plagegeister aller Art und deren Bekämpfung - 12.01.2014 (21)
  7. Ask Toobar lässt sich nicht deinstallieren + die Seite: "http://rvzr-a.akamaihd.net" öffnet sich ständig - Was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 03.12.2013 (13)
  8. Firefox "Neuer Tab": mixidj.delta-search.com, lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (24)
  9. Avira Fund "js/obfuscated.cf" und gleich darauf ""TR/SPY.KeyLogger.301" fund auf vista
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (19)
  10. Trojaner "TR/PSW.Papras.AB" gefunden, lässt sich jedoch nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (13)
  11. Antivir-Fund in "C:\Windows\myproc.dll" und "C:\Windows\security\services.exe"
    Plagegeister aller Art und deren Bekämpfung - 22.04.2009 (4)
  12. Spion "URLSearchHook" lässt sich nicht löschen!
    Plagegeister aller Art und deren Bekämpfung - 07.10.2008 (5)
  13. Helios Lite gibt für Registry-Key "Acess Denied" aus und key lässt sich nicht löschen
    Antiviren-, Firewall- und andere Schutzprogramme - 20.06.2008 (20)
  14. in temporary internet files" ordner lässt sich eine datei nicht löschen.trojaner?
    Plagegeister aller Art und deren Bekämpfung - 16.06.2008 (4)
  15. Virusbefallener Ordner lässt sich nicht löschen -.-"
    Plagegeister aller Art und deren Bekämpfung - 03.01.2007 (6)
  16. Gelöschte Datei lässt sich nicht "entgültig" löschen
    Alles rund um Windows - 08.03.2006 (2)
  17. Startseite: "searchfor" lässt sich nicht löschen. Außerdem lässtige Nachrichtena
    Log-Analyse und Auswertung - 10.01.2005 (7)

Zum Thema AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen - Hallo. Mein Rechner hat mir im Ordner AppData\Roaming eine Datei gemeldet, die anscheinend der Trojaner Spy.Gen sein soll. AntiVir hat probiert die Datei zu löschen, aber das hat nicht funktioniert. - AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen...
Archiv
Du betrachtest: AntiVir-Fund "TR\Spy.Gen" lässt sich nicht löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.