| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebytes und OTL melden keinen FundWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.11.2010, 13:40
| #1 |
| |  Malwarebytes und OTL melden keinen Fund Hallo Allerseits, ich habe mir gestern einen Virus bzw. ein Trojanisches Pferd eingefangen. Plötzlich kam die Fehlermeldung "Critical Error: Windows can't find hard disk space. Hard drive error. Kurz darauf im Anschluss die Meldung von Avira AntiVir: "In der Datei "C:\Users\***\AppData\Local\Temp\974273.exe wurde ein Virus oder unerwünschtes Programm "TR\Ag.cfx" gefunden. Der Zugriff auf diese Datei wurde verweigert." Nun versuche ich unter dieser Fehlermeldung auf "Entfernen" oder "Details" zu klicken und es klappt nicht, der Post verschwindet. Nächste Fehlermeldung: "Windows detected a hard disk problem Scanning for hard drive errors Ask me again later --> If the disk fails before the next warning, you could lose all of the programs and documents on the disk" Und so ging es weiter: Critical Error Hard Drive not found. Missing hard drive. Critical Error RAM memory usage is critically high. RAM memory failure. Critical Error Windows can't find hard disk space. Hard drive error System Restore The system has been restored after a critical error. Data integrity and hard drive integrity verification required. (Der Laptop hatte sich kurz vorher selbst neu gestartet..) Jetzt habe ich versucht unter der angegebenen Datei erstmal diese 974273.exe zu finden, habe dies aber nicht geschafft. Also habe ich mich hier schlau gemacht und bin auf das folgende Thema gestoßen: http://www.trojaner-board.de/92857-u...entfernen.html Habe dann das System mit Malwarebytes und OTL überprüfen lassen, allerdings haben beide Programme keinen Fund gemeldet. Jetzt bin ich etwas ratlos, was ist der nächste gute Schritt? Ich kann ja nicht jedes Mal, bevor ich ins Internet gehe, "Tool: rkill.com Download Link (umbenannt: iExplore.exe) von Grinler herunterladen und mit doppelklick ausführen."? Bitte helft mir, ich möchte nicht tatsächlich alle Dateien auf meinem Laptop verlieren. Vielen Dank im Voraus! |
|
26.11.2010, 13:48
| #2 |
| /// Malware-holic   | Malwarebytes und OTL melden keinen Fund otl kann keinen fund melden, denn das ist nen analyse tool. poste die logs von otl und ich kann dir sagen ob und was gefunden wurde
__________________
__________________ |
|
26.11.2010, 16:14
| #3 |
| | Malwarebytes und OTL melden keinen Fund OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 26.11.2010 14:49:18 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,88 Gb Total Space | 21,42 Gb Free Space | 9,40% Space Free | Partition Type: NTFS
Drive D: | 227,88 Gb Total Space | 224,72 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8ACA36-3DBE-48C7-B0BF-851F0B67C794}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{618555C3-020E-44F8-8CED-9DEDCC450387}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6E8869E9-3E20-4D95-8653-D112DE79E4A1}" = lport=56319 | protocol=6 | dir=in | name=akamai netsession interface |
"{7AEA4705-4953-4904-9856-1ED1600CAF17}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{BD8D47A0-3A60-482F-87FC-82004D7908D0}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{D5D22A32-144C-48F1-8A8A-4AD175BE91D1}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062971CE-A44E-480B-99FE-883DE5BE0286}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{09DC08C8-F123-43F6-B7E5-058715089E23}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1630B411-1FFB-4CA3-8F77-1ACA359C3713}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{22D42F30-2CD9-4C8D-A570-A75AD8423C7A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{312706F7-F8EF-4734-A527-6F5D97E883FA}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3C631CDB-50A5-4B50-B7AC-73BF77E51995}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{5B8AE0FD-7D10-41AB-A206-67F5E0371EFE}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{5EF385D4-9AE6-4F9E-8A15-9A1311C66C9B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6574DCB0-B89C-4EF4-A665-F88C5DCBA751}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6CA95882-4846-4F17-B39C-84BED98015D2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{7EF21924-9193-4E3B-9688-852C219BE422}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{8D6AA67D-1F14-4327-BE6E-6788FA3BBCD5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9606538F-08F2-4AE7-9672-517A43B17F88}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A9BD22C5-8E25-4BF0-8478-E287D3268909}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B32691AF-D6F2-40A8-8085-9C32A3E4E883}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{C438FD20-E622-4FE7-A458-66C9693BAF0E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFA13F71-A90D-483D-A954-E3E7164CEE73}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D7C85BB6-CD92-4B62-A248-F31C53846856}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D9793FEC-2A94-4F4A-90AA-6AAEA92FDCCA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EED86366-85EB-4F4B-8F78-743032A720C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF4E1F80-3DEC-49D8-8E1E-E14EE541D48A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F1231148-0FD4-489D-9CFD-79F8E802A87E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F394F59D-C258-4455-9735-DDF170167BE3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"TCP Query User{276FB6FF-0EB8-4462-9C20-63F6054E96C6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{35EA0C29-FAB9-410E-B5D1-2E82454FE575}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{46764E6B-CBAC-4A25-9AED-A11184A887AF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D7FD0C98-CCBF-412B-9CA0-9C0B2C15EF2A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EE622577-38B1-4002-B054-0B945F4C7947}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{4A9F13E8-F429-4504-8DE6-5CCD519635B4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{50142E64-6501-44EF-9D8E-57A83ACF786E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{72825B7D-50F9-42ED-BC72-E7FD5C4942C9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C4330C9E-F97E-4690-8AE4-2519A6EAE7A5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D6E52694-9156-438A-BAEF-5DEB7D67F981}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12DCDE3D-5C8E-4C5E-A7E4-CEF30F578179}" = Dogz 5
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.5
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{818FB39B-1A57-4F1B-A54D-391C33D6C586}" = Tropico
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Picasa 3" = Picasa 3
"PIXO RESCUE_is1" = PIXO RESCUE Version 1.0
"S4Uninst" = Die Siedler IV
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 0.9.9
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.02.2010 21:23:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.02.2010 22:17:03 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.02.2010 07:29:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 24.02.2010 08:43:11 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2010 05:43:47 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2010 09:05:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.02.2010 13:23:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2010 04:58:46 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.02.2010 10:55:10 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 27.02.2010 10:59:58 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 09.03.2009 17:05:26 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 10.03.2009 10:19:05 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 10.03.2009 13:35:43 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.03.2009 um 18:22:46 unerwartet heruntergefahren.
Error - 10.03.2009 13:35:47 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 10.03.2009 21:57:36 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 11.03.2009 02:02:03 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 11.03.2009 05:08:46 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 11.03.2009 14:53:21 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 12.03.2009 13:37:08 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
Error - 12.03.2009 14:36:05 | Computer Name = ***-PC | Source = HTTP | ID = 15016
Description =
< End of report >
_________________________________________________________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.11.2010 14:49:18 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 227,88 Gb Total Space | 21,42 Gb Free Space | 9,40% Space Free | Partition Type: NTFS Drive D: | 227,88 Gb Total Space | 224,72 Gb Free Space | 98,61% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Cristina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Cristina\Pictures\OTH.scr (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Verbindungsassistent\WTGService.exe () PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Windows\System32\igfxext.exe (Intel Corporation) PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Windows\PLFSetI.exe () ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll () SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\WTGService.exe () SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe () SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated) DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll () IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Suchen" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de&source=iglk" FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.4 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {f274730f-db76-4942-97ba-7984ab94f854}:2.1d FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 FF - prefs.js..keyword.URL: "hxxp://search.myheritage.com/?orig=ds&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 17:17:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 17:17:52 | 000,000,000 | ---D | M] [2009.01.25 16:13:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.11.25 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions [2010.06.13 03:05:02 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2010.04.27 03:59:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.16 06:43:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.06.23 21:21:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(277) [2010.08.04 00:48:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(406) [2010.08.11 18:14:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(439) [2010.02.21 01:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010.08.12 18:18:46 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.01.16 11:50:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(93) [2010.03.20 21:49:55 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854} [2010.11.22 01:47:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} [2010.06.22 11:31:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\foxyproxy@eric.h(276).jung [2010.07.10 23:46:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\foxyproxy@eric.h(405).jung [2010.08.31 23:32:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\foxyproxy@eric.h.jung [2010.09.12 08:56:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\personas@christopher.beard [2010.06.13 03:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions [2010.11.03 23:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.05.21 05:19:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.13 18:38:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.03 23:20:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.05 22:56:19 | 000,000,000 | ---D | M] (Celebrity Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.09.18 02:02:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.18 02:02:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.18 02:02:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.18 02:02:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.18 02:02:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll () O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [iGGVWrEseC.exe] C:\Users\***\AppData\Local\Temp\iGGVWrEseC.exe () O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Celebrity Toolbar\mhxpcomi.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{96dc570e-e050-11df-9fee-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{96dc570e-e050-11df-9fee-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cb3474e5-df7b-11df-96bf-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{cb3474e5-df7b-11df-96bf-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cb3474f8-df7b-11df-96bf-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{cb3474f8-df7b-11df-96bf-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cb34758d-df7b-11df-96bf-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{cb34758d-df7b-11df-96bf-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cb34758e-df7b-11df-96bf-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{cb34758e-df7b-11df-96bf-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cb3475b1-df7b-11df-96bf-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{cb3475b1-df7b-11df-96bf-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{cb3475b2-df7b-11df-96bf-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{cb3475b2-df7b-11df-96bf-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{e2e7205a-e830-11df-9b71-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{e2e7205a-e830-11df-9b71-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{e2e7205c-e830-11df-9b71-00238b3a291a}\Shell - "" = AutoRun O33 - MountPoints2\{e2e7205c-e830-11df-9b71-00238b3a291a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.26 14:48:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.26 03:08:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.11.26 03:08:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.26 03:08:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.26 03:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.11.26 03:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.26 02:28:50 | 000,000,000 | ---D | C] -- C:\Users\***\Option [2010.11.15 22:50:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Girl Talk - All Day (IA123) [2010.11.13 23:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\*** [2010.11.13 21:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.11.03 23:20:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.03 23:20:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.03 23:20:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.26 14:50:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{57BAC3B2-264A-4800-AE2D-4DC8DC5CA6E1}.job [2010.11.26 14:48:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.11.26 14:47:28 | 000,026,895 | ---- | M] () -- C:\Users\**\Desktop\85104-otl-otlogfile-oldtimer.html [2010.11.26 14:36:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.26 13:06:59 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.26 13:06:59 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.26 13:06:59 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.26 13:06:59 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.26 12:59:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.11.26 12:59:34 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.26 12:59:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.26 12:59:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.26 12:59:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.26 12:59:05 | 3146,641,408 | -HS- | M] () -- C:\hiberfil.sys [2010.11.26 03:08:45 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.26 01:54:31 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.26 01:54:31 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.25 20:20:07 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2010.11.24 20:34:18 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.11.22 21:58:40 | 000,096,768 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.19 20:05:33 | 000,001,451 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.11.15 20:42:12 | 000,029,748 | ---- | M] () -- C:\Users\***\egrsgrsrg.jpg [2010.11.13 23:06:30 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\TubeBox! starten.lnk [2010.11.13 21:24:44 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.26 14:47:28 | 000,026,895 | ---- | C] () -- C:\Users\***\Desktop\85104-otl-otlogfile-oldtimer.html [2010.11.26 03:08:45 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 20:05:33 | 000,001,451 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.11.15 20:42:12 | 000,029,748 | ---- | C] () -- C:\Users\***\egrsgrsrg.jpg [2010.11.13 23:06:30 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\TubeBox! starten.lnk [2010.11.13 21:24:44 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009.11.13 23:08:37 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.11.13 23:08:37 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2009.10.20 05:02:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.17 13:27:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.30 21:19:22 | 000,000,037 | ---- | C] () -- C:\Windows\QTW.INI [2009.07.30 21:13:54 | 000,000,137 | ---- | C] () -- C:\Windows\DAISYG.INI [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.05.03 16:25:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.01.22 17:16:34 | 000,096,768 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.22 05:35:03 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.11.22 23:42:47 | 000,005,669 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2008.11.22 23:39:34 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.11.22 23:39:34 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.09.02 08:09:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.02.06 00:45:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.05 16:55:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.02.05 16:55:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.02.05 16:36:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.02.05 16:32:08 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.02.05 16:25:25 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60 < End of report > Hilft das? Danke nochmal! |
|
26.11.2010, 16:47
| #4 |
| /// Malware-holic | Malwarebytes und OTL melden keinen Fund • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKCU..\Run: [iGGVWrEseC.exe] C:\Users\***\AppData\Local\Temp\iGGVWrEseC.exe () :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten. öffne den arbeitsplatz, c: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. lade das archiv in unserem upload channel hoch. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.11.2010, 17:07
| #5 |
| | Malwarebytes und OTL melden keinen Fund So, ich habe jetzt versucht den Text wie beschrieben in die "Benutzerdefinierte Scans/Fixes" Box einzutragen, den User hab ich natürlich wieder in den eigentlichen umbenannt. Es fing auch an zu arbeiten, allerdings kam eine Fehlermeldung, dass das Programm aufgrund eines unbekannten Problems beendet werden musste. Der Pc wurde daraufhin neugestartet. Was nun? |
|
26.11.2010, 17:24
| #6 |
| /// Malware-holic | Malwarebytes und OTL melden keinen Fund lad mir das otl verzeichniss mal gepackt hoch, dann sehe ich obs geklappt hatt.
__________________ --> Malwarebytes und OTL melden keinen Fund |
|
26.11.2010, 17:27
| #7 |
| | Malwarebytes und OTL melden keinen Fund Sorry, aber so gut kenn ich mich mit PCs dann doch nicht aus..wie mach ich das denn? |
|
26.11.2010, 17:29
| #8 |
| /// Malware-holic | Malwarebytes und OTL melden keinen Fund steht doch oben, mein computer öffnen, c: öffnen _OTL öffnen rechtsklick und zu moved files.rar oder zip hinzufügen, vorher natürlich den ordner markieren mit nem klick drauf und dann in unserem upload channel hochladen, der link steht unterm otl script.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.11.2010, 17:35
| #9 |
| | Malwarebytes und OTL melden keinen Fund Huch, alles klar, das hatte ich übersehen, danke. Hab's hochgeladen. Geändert von memoriesfade (26.11.2010 um 17:41 Uhr) |
|
26.11.2010, 17:42
| #10 |
| /// Malware-holic | Malwarebytes und OTL melden keinen Fund dann instaliere mal 7zip: http://filepony.de/download-7-zip/ dann rechtsklick auf moved files, 7zip und hinzufügen zu moved files.7z fählen. und das archiv hochladen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.11.2010, 17:48
| #11 |
| | Malwarebytes und OTL melden keinen Fund Müsste jetzt eigentlich geklappt haben.. |
|
26.11.2010, 17:53
| #12 |
| /// Malware-holic | Malwarebytes und OTL melden keinen Fund bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.11.2010, 18:30
| #13 |
| | Malwarebytes und OTL melden keinen Fund Combofix Logfile: Code:
ATTFilter ComboFix 10-11-25.06 - *** 26.11.2010 18:10:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3000.1915 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\***\AppData\Roaming\.#
c:\users\***\Desktop\Internet Explorer.lnk
c:\users\***\videos\auxsetup.exe
c:\users\***\videos\vdub.exe
c:\users\***\videos\VirtualDub.exe
c:\users\***\vlc-1.0.2-win32.exe
c:\users\***\vlc-1.0.5-win32.exe
D:\install.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-26 bis 2010-11-26 ))))))))))))))))))))))))))))))
.
2010-11-26 17:21 . 2010-11-26 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-26 15:58 . 2010-11-26 16:40 -------- d-----w- C:\_OTL
2010-11-26 13:01 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A8EE48C-20EC-429B-A996-17302C6D9D1D}\mpengine.dll
2010-11-26 02:08 . 2010-11-26 02:08 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2010-11-26 02:08 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 02:08 . 2010-11-26 02:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 02:08 . 2010-11-26 02:08 -------- d-----w- c:\programdata\Malwarebytes
2010-11-26 02:08 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 01:28 . 2010-11-26 01:28 -------- d-----w- c:\users\***\Option
2010-11-23 18:34 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-13 22:06 . 2010-11-13 22:06 -------- d-----w- c:\users\***\AppData\Roaming\TubeBox
2010-11-13 22:06 . 2010-11-13 22:06 -------- d-----w- c:\program files\Jens Lorek
2010-11-13 20:23 . 2010-11-13 20:23 -------- d-----w- c:\program files\iPod
2010-11-10 12:37 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-26 00:54 . 2009-07-03 11:16 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-26 00:54 . 2009-07-03 11:16 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-24 14:40 . 2010-10-24 14:40 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-10-24 14:40 . 2010-10-24 14:40 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-10-19 09:41 . 2009-10-03 01:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 03:50 . 2010-05-21 04:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-14 16:45 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01 . 2010-10-14 16:44 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 16:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 16:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 16:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 16:44 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 16:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 16:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20 . 2010-10-14 16:44 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 16:44 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 16:44 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 16:44 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 16:44 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 16:43 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 16:43 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 16:43 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 16:43 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 06:00 . 2009-11-25 20:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files\Celebrity Toolbar\mhxpcomi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 145944]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-29 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-29 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-26 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-13 30192]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-26 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\wtgservice.exe [2010-10-24 329168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 13:04]
2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 13:04]
2010-11-26 c:\windows\Tasks\User_Feed_Synchronization-{57BAC3B2-264A-4800-AE2D-4DC8DC5CA6E1}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.myheritage.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Celebrity Toolbar\mhxpcomi.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4fk47tm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Suchen
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}\components\mhxpcom.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4fk47tm9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-26 18:21
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-11-26 18:25:50
ComboFix-quarantined-files.txt 2010-11-26 17:25
Vor Suchlauf: 14 Verzeichnis(se), 22.997.852.160 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 28.819.382.272 Bytes frei
- - End Of File - - 3601CC4B2F0F56C5CB0D32B37C2F3223
Geändert von memoriesfade (26.11.2010 um 18:44 Uhr) |
|
| Themen zu Malwarebytes und OTL melden keinen Fund |
| anschluss, antivir, avira, datei, dateien, detected, download, entfernen, error, fehlermeldung, folge, grinler, hard disk, iexplore.exe, internet, laptop, link, malwarebytes, neu, programm, programme, ratlos, rkill.com, temp, trojanisches pferd, tr\ag.cfx, virus, warning, windows |
