
Pests of all kinds and how to fight them: TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe and others


 
28.10.2010, 15:56   #1
Schinzer

TR/Oficla.AV.11 in C:/Users/Public/Windows/winhelp.exe and others



Hello everyone!

A few days ago, completely out of the blue and without any warning, I suddenly got several virus alerts (it was always the same Trojan; unfortunately I did not write anything down). Since then Windows Explorer keeps crashing after a short time, but Safe Mode still runs perfectly.
Of course I tried to delete the file, but right afterwards the Antivir alert came back.
The next time in normal mode two other virus alerts appeared, the one from the subject line above and the following: TR/FakeAV.n/v in C:/Users/***/AppData/Local/Temp/yjcmuyj.exe

I have now run the Load.exe file from the tutorial and done a check with Malwarebytes and OTL.

Many thanks in advance; below are the log files from the check!

Regards, Tim


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4974

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

28.10.2010 16:44:57
mbam-log-2010-10-28 (16-44-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137034
Laufzeit: 5 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jveji (Trojan.Hiloti) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Tim\AppData\Local\I3atan.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Tim\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.



OTL Logfile:
OTL logfile created on: 28.10.2010 17:32:20 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Tim\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 82,86 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 127,63 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tim\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Internet\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tim\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "bild.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8
FF - prefs.js..extensions.enabledItems: smoothlyclosetabs@gmail.com:1.3.2
FF - prefs.js..extensions.enabledItems: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.2
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.03.05 00:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 13:47:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2010.09.19 12:59:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2010.10.17 14:36:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Programme\Internet\Mozilla Thunderbird\plugins [2010.10.17 14:36:39 | 000,000,000 | ---D | M]
 
[2008.09.20 15:32:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2010.10.28 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions
[2010.09.06 23:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.09.06 23:49:42 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.09.07 00:57:15 | 000,000,000 | ---D | M] (FaceTweak) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}
[2010.06.24 23:50:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.07 00:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.09.06 23:34:22 | 000,000,000 | ---D | M] (AniWeather) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010.09.06 23:34:22 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.09.11 01:26:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 22:58:03 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.08.07 01:21:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\moveplayer@movenetworks.com
[2010.09.06 23:49:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\smoothlyclosetabs@gmail.com
[2010.10.13 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\if4ijrnv.default\extensions\toolbar@ask.com
[2010.10.28 16:33:00 | 000,000,950 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\FireFox\Profiles\if4ijrnv.default\searchplugins\icqplugin-1.xml
[2010.09.02 02:33:46 | 000,001,056 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\FireFox\Profiles\if4ijrnv.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tim\Pictures\♥\Unbenannt.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim\Pictures\♥\Unbenannt.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{089c3af6-0c56-11dd-9f55-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- File not found
O33 - MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\Shell - "" = AutoRun
O33 - MountPoints2\{70def4b5-2d08-11df-a2d1-001e101fa6db}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{7bb606ba-287a-11df-a99b-001e101f21c1}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\Shell - "" = AutoRun
O33 - MountPoints2\{cbbcafa5-2a0a-11df-af5d-001b38dc6472}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\Shell - "" = AutoRun
O33 - MountPoints2\{d369dbca-222b-11df-b8c6-001b38dc6472}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\Shell - "" = AutoRun
O33 - MountPoints2\{d369dc09-222b-11df-b8c6-001e101f4ec0}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.28 16:32:24 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2010.10.28 16:32:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.28 16:32:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.28 16:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.28 16:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.28 16:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.10.28 16:31:20 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\MFTools
[2010.10.20 17:40:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVDVideoSoft
[2010.10.19 00:42:21 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.10.19 00:42:09 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.17 14:36:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.13 22:57:13 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 22:56:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 22:56:46 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 22:56:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 22:56:45 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 22:56:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 22:56:40 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 22:56:39 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 22:56:32 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 22:56:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 22:56:30 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 22:56:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 22:56:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson USB
[2010.10.13 18:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010.10.13 18:33:06 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\MyPhoneExplorer
[2010.10.13 18:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2010.09.29 17:35:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008.04.17 10:25:54 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.04.17 10:25:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.28 17:33:06 | 000,001,356 | ---- | M] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2010.10.28 16:54:27 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\degurenc.sys
[2010.10.28 16:32:20 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 16:31:51 | 000,286,404 | ---- | M] () -- C:\Users\Tim\Desktop\Gmer.zip
[2010.10.28 16:31:51 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\defogger.exe
[2010.10.28 16:26:36 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.28 16:26:36 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.28 16:26:36 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.28 16:26:36 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.28 16:21:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.24 02:20:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E9B3653-6A42-4752-8B40-24CD622C6FEF}.job
[2010.10.24 02:00:02 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.24 01:44:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.24 01:40:12 | 000,027,649 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\nvModes.001
[2010.10.24 01:39:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.24 01:37:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.24 01:37:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.19 22:54:05 | 000,000,176 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\35649.bat
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.18 22:51:35 | 000,027,649 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\nvModes.dat
[2010.10.17 14:36:39 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.16 02:48:53 | 000,310,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.16 02:46:54 | 399,941,998 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.13 18:32:59 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.28 16:54:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\degurenc.sys
[2010.10.28 16:32:20 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 16:31:37 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\defogger.exe
[2010.10.28 16:31:27 | 000,286,404 | ---- | C] () -- C:\Users\Tim\Desktop\Gmer.zip
[2010.10.19 22:54:05 | 000,000,176 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\35649.bat
[2010.10.18 15:58:13 | 031,751,295 | ---- | C] () -- C:\Users\Tim\Desktop\Caught between Cultures - deutsche Interpretationshilfe.pdf
[2010.10.13 18:32:59 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2009.11.18 00:43:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.21 13:52:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.26 14:28:18 | 000,001,356 | ---- | C] () -- C:\Users\Tim\AppData\Local\d3d9caps.dat
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.05.06 12:11:40 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.15 17:37:28 | 000,017,089 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\UserTile.png
[2008.09.21 18:00:18 | 000,020,480 | ---- | C] () -- C:\Users\Tim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.20 16:17:37 | 000,000,590 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2008.09.20 16:14:27 | 000,027,649 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\nvModes.001
[2008.09.20 16:10:18 | 000,027,649 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\nvModes.dat
[2008.04.17 19:56:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.04.17 19:56:22 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008.04.17 10:25:54 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008.04.17 10:25:54 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008.04.17 10:25:53 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008.04.17 10:25:06 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.04.04 04:59:21 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.04.04 02:30:51 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.04.04 02:30:51 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.04 02:30:51 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2008.04.03 18:31:05 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.04.03 18:30:15 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008.04.03 18:04:40 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:96F344DB
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54

< End of report >
         
--- --- ---

OTL (2) OTL Logfile:
OTL Extras logfile created on: 28.10.2010 17:32:20 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Tim\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 82,86 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 127,63 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
 
Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04424D3E-26DC-4100-BDC2-AB81181A02E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{127170F4-3212-44DE-8E9F-F91668AA79AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B8EEBE0-C5BF-4FBE-85CF-C7D92C5E6416}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2D7C85A2-93DE-4C68-8980-462827943E9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{34C2309C-9E84-4250-9860-D3A6E1B6C2C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5025C82E-9504-41F8-9177-D38A84C747D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5F437FF0-1FFA-4409-8A14-57C916D3FD2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{617FF964-AF06-49CF-9ADF-33328D633BED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86623BFA-7636-441C-8A3A-12EF55E8CDA0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8AC308E3-619C-4C5F-920D-05D99ED5A24A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8FF4AB6F-5183-4E6B-9DF8-7B2DDEB73B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91C67A50-7B7A-4901-AF42-FEF59E654876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98BF685D-21D2-4164-B29F-75FA9F84EE79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99775CF4-B44D-4415-8F15-A066CCF0172C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A79EEAE7-5508-4717-A706-B474FACF3F55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C9F05AA2-5677-4391-8E3C-0A1B768A2A38}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CC5F96FD-E52B-484F-ACED-BBE26C0BA8F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DE4B0D92-CD41-440A-97DE-79A7FDE05C3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5978E47-733F-4AAB-A96D-D1BF10E22AE5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E69DC94C-95E1-4049-8B89-8D6880240E4A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EF2481A1-9A59-4993-9832-5035FCF73401}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D08E9-74EB-4DAC-A670-859A5C43C87F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0E1B2322-6A6F-4317-9F65-876AAA655361}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{155E7525-7923-471F-BE0E-0ABFF4732E0B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1754F4CE-AB9C-44CF-ADFD-0B472D94A293}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{269B2AAA-6E7A-42C6-9238-CB52627AFF17}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{2761229A-A4E7-4BBE-8210-EF57D00B0208}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4306A98E-46FF-4B40-A1D5-667F18AE8C1F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{509CF9D2-06ED-4AEE-87BC-AE597887598D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{542089DA-11DE-40A7-B9F1-00EBADDBBF8C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{59524373-2A69-4D0F-B283-502B7C710B7C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5A2F9BB5-B60A-493A-A47E-F31CE977710D}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{62480488-6209-4DBA-8B9F-260EFD503E91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66AC6430-61CE-430D-B2C6-E61C5AB10395}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{66D57415-973D-4A22-BD49-0101E455C3D0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{730131B2-0567-495E-B8F4-D77D301250CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7313303E-A7F6-4926-89B0-1B318AACEDB4}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{7CDDE2CB-8380-4513-8CB9-14EDD8A325A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E016597-150C-4A00-900E-9F9E0C42B10A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7EEB33DA-1EE3-486C-85C3-957861B88B0E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{807330B4-0CED-4D02-A17E-544E8F5D4C62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80DACF09-E089-4C2C-880A-2013E6A7B30B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8FD2664C-8968-4A6C-A619-442A225DBFBA}" = protocol=6 | dir=out | app=system | 
"{96336028-65F8-44A1-B498-D969985250B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{99A137CD-FB8D-41A7-8455-E9E34ADC43F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1C952DB-615F-4BB1-A6A4-0D594EEB10C4}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{A4BD15F6-DCFF-479E-BFBD-4B566227021F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA7B8E2F-E2C5-4FC8-BA02-6EA913E70638}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B1C48CE5-AD61-464B-A57F-C2213B6ABBF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B32838D0-6135-480C-AB86-6E4328055058}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B501C151-4ACE-4EB1-95A9-323A87664AD3}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{B9869C4F-EB32-4497-BA76-886AF670B58B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB92EBFB-C25E-4940-851F-EF599F26D9A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BBE6FFD1-9404-43DC-AF05-93C8AB453BB9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BC7C8535-1F24-45EA-8D98-CE923B97F5D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD62F6FA-544C-4441-8FD1-0725F2A63D37}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{CDA041B1-F8CE-4F23-9CF7-0B4C47F39413}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{D1770D8D-FCF1-48C6-B032-A862E8A9A19C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D3A3C939-2E6D-4ACF-9706-91945922BD5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{D48214ED-B1FC-4051-8EF1-2663B89F7DDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E3C5FCB3-1700-42AA-A1D3-C0F0FED9FBA5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F4D69C2D-786C-4014-A3D7-24F1D2B72A55}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F906BE4F-297F-446D-8929-E01C4CD243ED}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F9582830-238E-4271-B776-140BB1108A27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE3C59F8-58AF-4DBD-B817-AF20FA258532}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{02C3BCC8-1054-4B92-8691-797471C79552}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"TCP Query User{0F72E5D2-62E5-4513-8F55-A11F2D6E9578}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{93F42450-A328-48CD-8EBA-D83387A924D7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A1C0E194-D92F-4ED7-A355-9BE1F8BFD19F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D0318364-D5ED-4DE7-9F13-BC9A6BF92DBC}D:\blobby.volley\volley.exe" = protocol=6 | dir=in | app=d:\blobby.volley\volley.exe | 
"UDP Query User{1C824040-32C7-4E2C-9444-ED45609814E3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7CB619D1-27FC-422B-A94C-DE63052C18F1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{BA4249AB-D53C-4205-B397-9C449357D03B}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe | 
"UDP Query User{D3F3FEE6-FD62-4A81-B5FE-80F38AFCD138}D:\blobby.volley\volley.exe" = protocol=17 | dir=in | app=d:\blobby.volley\volley.exe | 
"UDP Query User{DA3E74DA-70BB-496B-9FDD-7A86C13653F7}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}" = FUSSBALL MANAGER 06
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.40
"AutoHotkey" = AutoHotkey 1.0.47.06
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Disc Burner_is1" = Free Disc Burner version 2.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Tunatic" = Tunatic
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"dfe95292edf57fac" = MiniPLan
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2010 11:54:13 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8315
 
Error - 09.09.2010 11:54:14 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.09.2010 11:54:14 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9360
 
Error - 09.09.2010 11:54:14 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9360
 
Error - 09.09.2010 11:54:15 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.09.2010 11:54:15 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10374
 
Error - 09.09.2010 11:54:15 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10374
 
Error - 09.09.2010 11:54:16 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.09.2010 11:54:16 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11373
 
Error - 09.09.2010 11:54:16 | Computer Name = Tim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11373
 
[ System Events ]
Error - 21.10.2010 11:07:13 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.10.2010 19:37:36 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2010 20:03:31 | Computer Name = Tim-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.10.2010 10:21:38 | Computer Name = Tim-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 24.10.2010 um 02:23:08 unerwartet heruntergefahren.
 
Error - 28.10.2010 10:22:10 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:17 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:20 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:21 | Computer Name = Tim-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.10.2010 10:22:26 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 28.10.2010 10:22:26 | Computer Name = Tim-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Last edited by Schinzer (28.10.2010 at 16:35)
