Zurück   Trojaner-Board > Malware entfernen > Antiviren-, Firewall- und andere Schutzprogramme

Antiviren-, Firewall- und andere Schutzprogramme: Generic PUP.i

Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 25.06.2010, 11:56   #1
LeJa
 
Generic PUP.i - Standard

Generic PUP.i



Hallo ihr Lieben,

heute meldet sich mein McAfee nach einer Systemprüfung und zeigt "Generic PUP.i" als potenziell unerwünschtes Programm an und zwar im Element: C:\Program files (x86)\PSCS\datasymserv.exe

Ich habe schon einige Suchmaschinen durchgeschaut aber leider bin ich nicht fündig geworden um was es sich hier handelt.

Kann mir hier jemand sagen was das ist?

Danke schon mal vorab.

Grüße Lena

Alt 25.06.2010, 17:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Generic PUP.i - Standard

Generic PUP.i



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 29.06.2010, 15:07   #3
LeJa
 
Generic PUP.i - Standard

Generic PUP.i



Log Malwarebytes (Infizierte Datei wurde entfernt)


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4253

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.06.2010 14:39:05
mbam-log-2010-06-29 (14-39-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 273252
Laufzeit: 1 Stunde(n), 12 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{B59BDB21-7B82-47D6-9913-88165B6F06E4}-actualspy.exe (Application.ActualSpy) -> No action taken.
         
Log OTL

Code:
ATTFilter
OTL logfile created on: 29.06.2010 14:57:56 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Xxy\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 226,50 Gb Free Space | 79,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXY-PC
Current User Name: Xxy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Xxy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Xxy\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.)
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys (Egis Technology Inc.)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i716l0378z165t4791a676
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i716l0378z165t4791a676
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i716l0378z165t4791a676
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i716l0378z165t4791a676
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i716l0378z165t4791a676
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7540&r=27361109i716l0378z165t4791a676
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.schnaeppchenfuchs.com/blog/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 12:06:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.25 12:06:00 | 000,000,000 | ---D | M]
 
[2009.11.12 22:21:15 | 000,000,000 | ---D | M] -- C:\Users\Xxy\AppData\Roaming\mozilla\Extensions
[2010.06.29 10:10:11 | 000,000,000 | ---D | M] -- C:\Users\Xxy\AppData\Roaming\mozilla\Firefox\Profiles\8jmwrrki.default\extensions
[2010.05.08 19:33:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Xxy\AppData\Roaming\mozilla\Firefox\Profiles\8jmwrrki.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.08 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Xxy\AppData\Roaming\mozilla\Firefox\Profiles\8jmwrrki.default\extensions\firebug@software.joehewitt.com
[2010.06.28 11:26:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 - HOSTS file present but inaccessible!
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [regapp32] C:\Windows\SysWOW64\regapp32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Xxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Reg Error: Key error.)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.20.173.75 193.189.244.205
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.29 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\Xxy\AppData\Roaming\Malwarebytes
[2010.06.29 13:20:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.29 13:20:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.29 13:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.29 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.28 21:23:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ODKOB32.DLL
[2010.06.28 21:23:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RACREG32.DLL
[2010.06.28 21:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haushaltsbuch
[2010.06.28 11:22:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.28 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\Xxy\Documents\Eigene PaperPort-Dokumente
[2010.06.28 11:09:38 | 000,000,000 | ---D | C] -- C:\Users\Xxy\AppData\Roaming\Enplase
[2010.06.24 08:48:30 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.24 08:48:30 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.24 08:48:30 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.24 08:48:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.24 08:48:30 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.24 08:48:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.24 08:48:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.24 08:48:30 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.23 08:25:05 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010.06.23 08:24:51 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.06.23 08:24:51 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.06.23 08:24:50 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.06.23 08:24:50 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.06.23 08:24:50 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.06.23 08:24:50 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.06.23 08:24:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.06.18 22:21:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.06.18 11:37:34 | 000,000,000 | ---D | C] -- C:\Users\Xxy\AppData\Roaming\Tobit
[2010.06.18 11:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tobit Radio.fx
[2010.06.18 11:37:11 | 001,848,584 | ---- | C] (Tobit.Software) -- C:\Windows\RXSUnins.exe
[2010.06.18 11:37:11 | 001,848,584 | ---- | C] (Tobit.Software) -- C:\Windows\RXCUnins.exe
[2010.06.18 11:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit
[2010.06.18 11:30:19 | 000,692,224 | ---- | C] (CIA, The Company) -- C:\Windows\SysWow64\emx6.dat
[2010.06.18 11:30:19 | 000,308,224 | ---- | C] (www.dimac.net) -- C:\Windows\SysWow64\p20.dat
[2010.06.18 11:30:19 | 000,213,092 | ---- | C] (CIA, The Company) -- C:\Windows\SysWow64\emx1.dat
[2010.06.18 11:30:19 | 000,151,552 | ---- | C] (Catenary Systems) -- C:\Windows\SysWow64\Vic32.dll
[2010.06.18 11:30:19 | 000,117,507 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\p22.dat
[2010.06.18 11:30:19 | 000,053,248 | ---- | C] (CIA, The Company) -- C:\Windows\SysWow64\emx11.dat
[2010.06.18 11:30:19 | 000,040,960 | ---- | C] (CIA, The Company) -- C:\Windows\SysWow64\emx10.dat
[2010.06.18 11:30:19 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapp32.exe
[2010.06.18 11:30:18 | 000,000,000 | RHSD | C] -- C:\Program Files (x86)\PSCS
[2010.06.18 10:48:19 | 000,000,000 | ---D | C] -- C:\Users\Xxy\AppData\Roaming\Uniblue
[2010.06.14 10:31:35 | 000,000,000 | ---D | C] -- C:\Users\Xxy\Citrix
[2010.06.10 08:02:42 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.10 08:02:42 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.10 08:02:42 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.10 08:02:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.03 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\Xxy\AppData\Local\ElevatedDiagnostics
[2010.06.01 17:51:36 | 000,000,000 | ---D | C] -- C:\Users\Xxy\AppData\Roaming\Nero
[2010.06.01 17:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.06.01 17:21:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.06.01 17:21:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.06.01 17:20:41 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.06.01 17:20:13 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.06.01 17:19:45 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2010.06.01 17:19:15 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2010.05.31 21:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2010.05.30 22:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze_Remote
[1 C:\Users\Xxy\Desktop\*.tmp files -> C:\Users\Xxy\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.29 15:01:16 | 002,883,584 | -HS- | M] () -- C:\Users\Xxy\ntuser.dat
[2010.06.29 14:50:17 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.29 14:50:17 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.29 14:43:24 | 000,030,498 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010.06.29 14:42:53 | 000,427,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.29 14:42:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.29 14:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.29 14:41:34 | 2414,628,864 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.29 14:40:28 | 008,061,010 | -H-- | M] () -- C:\Users\Xxy\AppData\Local\IconCache.db
[2010.06.29 08:15:45 | 000,236,179 | ---- | M] () -- C:\Users\Xxy\Desktop\2010-06-28-1047976846_04-RG-1.pdf
[2010.06.28 22:15:51 | 000,111,216 | ---- | M] () -- C:\Users\Xxy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.26 08:58:09 | 001,523,126 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.26 08:58:09 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.26 08:58:09 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.26 08:58:09 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.26 08:58:09 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.25 17:25:38 | 000,248,320 | ---- | M] () -- C:\Users\Xxy\Desktop\WM Spielplan.xls
[2010.06.21 09:52:56 | 000,240,128 | ---- | M] () -- C:\Users\Xxy\Desktop\Email.doc
[2010.06.21 09:50:43 | 000,226,327 | ---- | M] () -- C:\Users\Xxy\Desktop\Email.docx
[2010.06.18 11:30:53 | 000,000,718 | ---- | M] () -- C:\Windows\SysWow64\psini.ini
[2010.06.18 08:55:12 | 000,000,983 | ---- | M] () -- C:\Windows\uninst.ini
[2010.06.14 16:29:30 | 000,010,525 | ---- | M] () -- C:\Users\Xxy\Desktop\Rechnung.xlsx
[2010.06.14 10:31:38 | 000,000,081 | ---- | M] () -- C:\Users\Xxy\CTX.DAT
[2010.06.01 17:51:52 | 000,000,000 | ---- | M] () -- C:\Users\Xxy\AppData\Roaming\.NANotifyHere
[1 C:\Users\Xxy\Desktop\*.tmp files -> C:\Users\Xxy\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.29 08:15:45 | 000,236,179 | ---- | C] () -- C:\Users\Xxy\Desktop\2010-06-28-1047976846_04-RG-1.pdf
[2010.06.21 17:18:14 | 000,248,320 | ---- | C] () -- C:\Users\Xxy\Desktop\WM Spielplan.xls
[2010.06.21 09:52:54 | 000,240,128 | ---- | C] () -- C:\Users\Xxy\Desktop\Email.doc
[2010.06.21 09:50:42 | 000,226,327 | ---- | C] () -- C:\Users\Xxy\Desktop\Email.docx
[2010.06.18 11:37:11 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.06.18 11:30:19 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\psini.ini
[2010.06.14 10:31:38 | 000,000,081 | ---- | C] () -- C:\Users\Xxy\CTX.DAT
[2010.06.01 17:51:10 | 000,000,000 | ---- | C] () -- C:\Users\Xxy\AppData\Roaming\.NANotifyHere
[2010.05.18 17:51:22 | 000,000,983 | ---- | C] () -- C:\Windows\uninst.ini
[2010.05.18 16:22:44 | 000,000,000 | ---- | C] () -- C:\Windows\buhl.ini
[2010.05.18 16:21:05 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\BpShellEx.dll
[2010.05.10 11:57:55 | 000,000,057 | ---- | C] () -- C:\Windows\pdf2word.INI
[2010.04.27 13:04:15 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.03 18:51:35 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.28 19:27:58 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.04 00:53:22 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\msnacjosd.dll
[2009.11.29 20:14:19 | 000,000,980 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.30 17:26:52 | 000,001,667 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.08.30 08:30:13 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.30 08:06:45 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.08.30 08:06:45 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.08.22 08:01:04 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.08.22 08:01:04 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.08.22 08:01:02 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.08.22 08:01:02 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.08.22 08:01:02 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.09.28 10:40:55 | 000,009,851 | ---- | C] () -- C:\Windows\SysWow64\mswanjose.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:8927A071
< End of report >
         
Log 2:

Code:
ATTFilter
OTL Extras logfile created on: 29.06.2010 14:57:57 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Xxy\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 226,50 Gb Free Space | 79,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXY-PC
Current User Name: Xxy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BADFD936-E907-C666-A6E1-3C04C06E4260}" = ATI Catalyst Install Manager
"{C3199A20-E216-102C-04B0-8F9FF608A8E1}" = ccc-utility64
"{EE5BE032-86BA-4A2B-4CB0-556156B45FEA}" = ATI AVIVO64 Codecs
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00303EC0-EE53-4934-A606-E9B98A96E026}" = CCC Help German
"{046BFB05-BC7F-01A4-C199-B49640D2AD0F}" = Catalyst Control Center Graphics Full New
"{064C45D3-880F-D130-554A-91043413BCEE}" = CCC Help Thai
"{08C12672-6B9B-F155-B060-D375A020B656}" = CCC Help Chinese Traditional
"{090EFBB9-1196-5391-3637-64CAAC5E982B}" = CCC Help Hungarian
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{14272C6B-36D4-FB95-B95B-ADB1C2A7F029}" = CCC Help Italian
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1D535E4B-4D8D-FD55-AD08-125C8C4117D3}" = ccc-core-static
"{1DC4A8CA-F9B1-F762-2448-0A72B36E1E12}" = CCC Help Korean
"{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{309BBBEE-F25E-0105-6DB1-B668958C9D37}" = CCC Help Polish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EDFC198-8ACC-A6C1-6991-35A80EC9A002}" = CCC Help English
"{42ED876C-C635-EF22-F4CD-620DC799CDDD}" = Catalyst Control Center Localization All
"{47826EF1-5634-D2E7-0C39-E356B8207676}" = CCC Help Turkish
"{49D59D86-7A0D-4217-979A-3D43F1F45CC8}" = BUHL-Lizenzmanagement-Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C93667C-8802-F818-DE66-5E16996D6074}" = CCC Help Japanese
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6140FD34-61AF-2EE7-3E9F-C0D26E532617}" = CCC Help Finnish
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-375CW
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8568FE6D-9769-A751-11D5-5AC7F6B698C2}" = CCC Help Russian
"{890E6592-0998-3C7A-2DB4-A29381485DA5}" = CCC Help Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{96A39248-6496-075F-BD29-E99333354958}" = CCC Help French
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9978DB94-91EE-8D32-354E-F54A99051A37}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A14A9BB0-7284-D33A-C5D8-DFD773843484}" = Catalyst Control Center Graphics Full Existing
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A391AF4E-D4D4-D295-19FC-FF6C2DB74169}" = CCC Help Portuguese
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B02C36FE-3C50-CD6B-6469-4A2F8D90DB3B}" = CCC Help Dutch
"{B4E92469-CC2A-3AB0-E45A-F4C20F8C86C6}" = CCC Help Chinese Standard
"{B77CD8C3-7DB4-8339-0E2F-EEB8DFCABCBC}" = CCC Help Norwegian
"{BF2433BA-ACC4-6DA5-047E-B2D95FE8ECDA}" = CCC Help Greek
"{CD0F9E16-4E3F-2369-9D67-9A0B84362D0A}" = Catalyst Control Center InstallProxy
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D332D9A9-C8C7-67C6-D5B5-6A0088AB4CF5}" = CCC Help Czech
"{E0A6AD5F-CFAF-63ED-5C31-6E94B271A4C8}" = Catalyst Control Center Graphics Light
"{E41CF65A-72A1-143E-1B4E-1E570C6AD4EC}" = CCC Help Danish
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC1FFB3D-0FD9-0746-31EF-3AD987574BE8}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7.1
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSC" = McAfee SecurityCenter
"Nice PDF Compressor_is1" = Nice PDF Compressor 2.0
"Tobit Radio.fx Server" = Radio.fx
"Totalcmd" = Total Commander (Remove or Repair)
"VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2010 17:39:56 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:39:56.742]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:39:58 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:39:58.243]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:39:59 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:39:59.743]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:01 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:01.244]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:02 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:02.746]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:04 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:04.247]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:05 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:05.748]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:07 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:07.251]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:08 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:08.752]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 26.06.2010 17:40:10 | Computer Name = Xxy-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/06/26 23:40:10.252]: [00004324]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ OSession Events ]
Error - 01.12.2009 12:36:49 | Computer Name = Xxy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.12.2009 10:30:52 | Computer Name = Xxy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1376
 seconds with 1140 seconds of active time.  This session ended with a crash.
 
Error - 18.01.2010 04:17:00 | Computer Name = Xxy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38734
 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error - 25.01.2010 14:36:05 | Computer Name = Xxy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 376
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2010 14:09:19 | Computer Name = Xxy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 754
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24.04.2010 13:26:15 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.04.2010 13:26:16 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 24.04.2010 13:32:38 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 01:32:43 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 01:32:44 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 01:32:46 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 01:33:02 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 03:15:38 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 03:15:39 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 25.04.2010 03:15:41 | Computer Name = Xxy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >
         
Ich hoffe das du dir einen Überblick verschaffen kannst. Vorab schon mal vielen Dank!
__________________

Alt 29.06.2010, 23:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Generic PUP.i - Standard

Generic PUP.i



Sieht rel unauffällig aus.
Aber ich frag mich gerade wie der Fund von Malwarebytes da zu stande kommt. Hast Du mal Actual Spy installiert? Hat noch jmd anders Vollzugriff auf diesen Computer, jmd der DIch evtl überwachen will?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.06.2010, 07:55   #5
LeJa
 
Generic PUP.i - Standard

Generic PUP.i



Was? Mich jemand überwachen? Hmm, ja es hat jemand Zugriff auf meinen PC...na da werde ich wohl jemanden zur Rede stellen müssen.

Danke für deine Hilfe!


Alt 30.06.2010, 10:57   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Generic PUP.i - Standard

Generic PUP.i



Ja ich frag ja nur, von allein sollte ActualSpy da nicht rein kommen.
__________________
--> Generic PUP.i

Alt 30.06.2010, 11:00   #7
LeJa
 
Generic PUP.i - Standard

Generic PUP.i



...da kriegt heute jemand ärger...

Antwort

Themen zu Generic PUP.i
files, generic, liebe, lieben, mcafee, melde, meldet, programm, suchmaschine, suchmaschinen, systemprüfung, unerwünschtes, unerwünschtes programm



Ähnliche Themen: Generic PUP.i


  1. Trojan.GenericKD.2269178 (B) + Trojan.Generic.13051484 (B) + Trojan.Generic.12905642 (B)
    Log-Analyse und Auswertung - 10.04.2015 (12)
  2. Generic.Vundo.C
    Plagegeister aller Art und deren Bekämpfung - 13.07.2014 (5)
  3. ZoneAlarm hat zwei Viren gefunden: HEUR:Exploit.Script.Generic und HEUR:Exploit.Java.Generic
    Log-Analyse und Auswertung - 21.02.2014 (15)
  4. Trojaner Generic 28
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (32)
  5. Generic.Dropper_C.mmi
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (1)
  6. simdemo.exe mit Trojaner Generic 22.BSSM & Generic 26.KCB
    Log-Analyse und Auswertung - 28.12.2011 (7)
  7. Generic Host Process for Win32 Services hat ein Problem festgestellt = W32/Generic.worm!p2p
    Log-Analyse und Auswertung - 06.09.2011 (25)
  8. Generic PWS.y!ctj
    Plagegeister aller Art und deren Bekämpfung - 18.08.2010 (1)
  9. Generic, Dropper.Generic, Downloader.Generic gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (21)
  10. Generic.Bot.H
    Plagegeister aller Art und deren Bekämpfung - 24.02.2010 (2)
  11. Generic 14.DNH
    Plagegeister aller Art und deren Bekämpfung - 28.07.2009 (32)
  12. TR/Generic.1857123.27
    Plagegeister aller Art und deren Bekämpfung - 21.06.2009 (38)
  13. Jede min >>PAK Generic<< usw..
    Log-Analyse und Auswertung - 11.03.2009 (2)
  14. Generic 4B / 5 / 11
    Log-Analyse und Auswertung - 23.06.2007 (3)
  15. HiJackLogFile, Generic 3 und Back Door, Generic 6 laut AVG gefunden
    Log-Analyse und Auswertung - 21.06.2007 (4)
  16. Generic Win Process
    Plagegeister aller Art und deren Bekämpfung - 11.06.2007 (1)
  17. Lop.AQ & Generic
    Log-Analyse und Auswertung - 24.11.2006 (2)

Zum Thema Generic PUP.i - Hallo ihr Lieben, heute meldet sich mein McAfee nach einer Systemprüfung und zeigt "Generic PUP.i" als potenziell unerwünschtes Programm an und zwar im Element: C:\Program files (x86)\PSCS\datasymserv.exe Ich habe schon - Generic PUP.i...
Archiv
Du betrachtest: Generic PUP.i auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.