Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Problem mit ein Trojaner TR/Crypt.XPACK.Gen3

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.02.2011, 09:41   #1
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Mein Antivir zeigt ständig an, dass ein Trojaner namens TR/Crypt.XPACK.Gen3 gefunden wurde. Er wird dann jedes Mal von mir in Quaratäne geschoben , nachdem ich einige Antvir,Spybot, CC ausgeführt habe erscheint kein virus meldung mehr sondern da kommt jedesmal beim systemstart ein meldung "das profil konnte nicht geöffnet werden"
Ich bin mir 100% sicher das da hier noch an mein laptop noch was böses drinn steckt den das Systemstart hat sich auch verschlechtert

nach welche vorgang kann ich die probleme lösen ?
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 25.02.2011, 10:34   #2
markusg
/// Malware-holic
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



bitte immer komplette fund meldungen posten.
also avira öffnen ereignisse, fundmeldungen posten.
falls es scan berichte mit funden gibt, unter avira reports, scan logs posten.

danach:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________

Alt 25.02.2011, 10:34   #3
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Diese Meldung kommt nachdem ich das systemneustarte ImageShack® - Online Photo and Video Hosting

das System ist definitiv beschädigt aber wie es beschädigt ist weiß ich es nicht leider
__________________
__________________

Alt 25.02.2011, 10:37   #4
markusg
/// Malware-holic
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



nein ich will die meldungen als text.
und lies dann genau welche meldungen ich noch wollte
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.02.2011, 22:51   #5
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Hier das OTL EditorOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 25.02.2011 23:45:40 - Run 1
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,66 Gb Free Space | 86,30% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
PRC - [2010.12.10 18:28:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.09 09:06:36 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.13 12:56:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.06.28 15:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 07:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 07:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.04.24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.04.24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008.06.24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
MOD - [2011.01.04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.01.11 10:53:39 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.09 09:06:36 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.24 11:07:58 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.13 12:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.12.17 14:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 14:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.12.09 11:17:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.12.08 11:53:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.12.05 09:23:24 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.21 20:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.04.24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.04.24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.04.24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 11:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware
[2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe
[2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
[2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client
[2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home
[2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero
[2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
[2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead
[2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 23:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 22:10:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 22:10:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 22:02:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.25 22:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.25 22:02:28 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:28:50 | 000,210,305 | ---- | M] () -- C:\Users\eren\Desktop\Profil kan nicht gefunden werden.PNG
[2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd
[2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
 
========== Files Created - No Company Name ==========
 
[2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:28:50 | 000,210,305 | ---- | C] () -- C:\Users\eren\Desktop\Profil kan nicht gefunden werden.PNG
[2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd
[2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.25 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2011.02.25 23:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.02.2011 23:45:40 - Run 1
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,66 Gb Free Space | 86,30% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2011 06:17:15 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: SSCORE.DLL,
 Version: 6.1.7600.16385, Zeitstempel: 0x4a5be092  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000000170d  ID des fehlerhaften Prozesses: 0x1e4  Startzeit der fehlerhaften
 Anwendung: 0x01cbc9d4b74b7460  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL  Berichtskennung: 18838011-35c8-11e0-bf1d-00ff01000001
 
Error - 13.02.2011 15:59:15 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1670    Startzeit:
 01cbcba6b3f6ed9c    Endzeit: 75    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 b7e88a74-37ab-11e0-9c43-88ae1d9948ab  
 
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit: 
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit: 
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
         
--- --- ---


Hier ist die 2. Log

__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 25.02.2011, 23:07   #6
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Die Founds kan man leider nicht alle aufeinmal kopieren und einfügen kostet viel zeit gibt es kein befehl dafür oder ein stelle wo ich drücken muss damit sie alles kopieren tut ?

aber 5 davon werde ich hier reinposten


1.In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

2. In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

3.In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

4.Die Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49d17a84.qua' verschoben!

5.In der Datei 'C:\Users\eren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRDRITIO\jd9ifkqw9jf_ddttt29j[1].htm'
wurde ein Virus oder unerwünschtes Programm 'HTML/Revir.Gen' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern


So wen du sagst hier poste mir alle das kan ich das auch machen hab sie schonmal so reingefügt vielleicht kan man damit was anfangen.

Danke schonmal
__________________
--> Problem mit ein Trojaner TR/Crypt.XPACK.Gen3

Alt 25.02.2011, 23:53   #7
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 26. Februar 2011 00:00

Es wird nach 2433480 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : eren
Computername : EREN-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.611 Bytes 14.01.2011 13:28:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 08:06:36
AVSCAN.DLL : 10.0.3.0 56168 Bytes 02.08.2010 15:09:45
LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 08:06:36
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:03:51
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 16:03:53
VBASE003.VDF : 7.11.3.1 2048 Bytes 09.02.2011 16:03:53
VBASE004.VDF : 7.11.3.2 2048 Bytes 09.02.2011 16:03:53
VBASE005.VDF : 7.11.3.3 2048 Bytes 09.02.2011 16:03:53
VBASE006.VDF : 7.11.3.4 2048 Bytes 09.02.2011 16:03:54
VBASE007.VDF : 7.11.3.5 2048 Bytes 09.02.2011 16:03:54
VBASE008.VDF : 7.11.3.6 2048 Bytes 09.02.2011 16:03:54
VBASE009.VDF : 7.11.3.7 2048 Bytes 09.02.2011 16:03:54
VBASE010.VDF : 7.11.3.8 2048 Bytes 09.02.2011 16:03:54
VBASE011.VDF : 7.11.3.9 2048 Bytes 09.02.2011 16:03:54
VBASE012.VDF : 7.11.3.10 2048 Bytes 09.02.2011 16:03:54
VBASE013.VDF : 7.11.3.59 157184 Bytes 14.02.2011 17:14:01
VBASE014.VDF : 7.11.3.97 120320 Bytes 16.02.2011 17:14:01
VBASE015.VDF : 7.11.3.148 128000 Bytes 19.02.2011 20:50:15
VBASE016.VDF : 7.11.3.183 140288 Bytes 22.02.2011 21:09:50
VBASE017.VDF : 7.11.3.216 124416 Bytes 24.02.2011 22:57:52
VBASE018.VDF : 7.11.3.217 2048 Bytes 24.02.2011 22:57:52
VBASE019.VDF : 7.11.3.218 2048 Bytes 24.02.2011 22:57:52
VBASE020.VDF : 7.11.3.219 2048 Bytes 24.02.2011 22:57:52
VBASE021.VDF : 7.11.3.220 2048 Bytes 24.02.2011 22:57:52
VBASE022.VDF : 7.11.3.221 2048 Bytes 24.02.2011 22:57:52
VBASE023.VDF : 7.11.3.222 2048 Bytes 24.02.2011 22:57:52
VBASE024.VDF : 7.11.3.223 2048 Bytes 24.02.2011 22:57:52
VBASE025.VDF : 7.11.3.224 2048 Bytes 24.02.2011 22:57:52
VBASE026.VDF : 7.11.3.225 2048 Bytes 24.02.2011 22:57:52
VBASE027.VDF : 7.11.3.226 2048 Bytes 24.02.2011 22:57:52
VBASE028.VDF : 7.11.3.227 2048 Bytes 24.02.2011 22:57:52
VBASE029.VDF : 7.11.3.228 2048 Bytes 24.02.2011 22:57:52
VBASE030.VDF : 7.11.3.229 2048 Bytes 24.02.2011 22:57:52
VBASE031.VDF : 7.11.3.230 2048 Bytes 24.02.2011 22:57:52
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 02.08.2010 15:09:30
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 24.02.2011 22:57:55
AESCN.DLL : 8.1.7.2 127349 Bytes 05.12.2010 08:23:23
AESBX.DLL : 8.1.3.2 254324 Bytes 05.12.2010 08:23:24
AERDL.DLL : 8.1.9.2 635252 Bytes 05.12.2010 08:23:23
AEPACK.DLL : 8.2.4.10 520567 Bytes 24.02.2011 22:57:55
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 01.02.2011 10:41:33
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 24.02.2011 22:57:54
AEHELP.DLL : 8.1.16.1 246134 Bytes 04.02.2011 11:30:11
AEGEN.DLL : 8.1.5.2 397683 Bytes 21.01.2011 15:48:50
AEEMU.DLL : 8.1.3.0 393589 Bytes 05.12.2010 08:23:21
AECORE.DLL : 8.1.19.2 196983 Bytes 21.01.2011 15:48:50
AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:33
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:33
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 08:06:36
AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 08:06:36
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.08.2010 15:09:45

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 26. Februar 2011 00:00

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeVirt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '136' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Samstag, 26. Februar 2011 00:53
Benötigte Zeit: 52:30 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

20415 Verzeichnisse wurden überprüft
384259 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
384259 Dateien ohne Befall
5295 Archive wurden durchsucht
1 Warnungen
0 Hinweise
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 26.02.2011, 09:53   #8
markusg
/// Malware-holic
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



so da das mit dem lesen anscheinend wohl immernoch nicht klappt, üben wir das gleich noch mal.
führe otl aus wie beschrieben.
steht ja eindeutig da was zu tun ist.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2011, 13:21   #9
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Ops sorry ich habe das mit Texbox vergessen aber bin grad dabei.
poste sofort wen es abgeschlossen ist.
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 26.02.2011, 13:37   #10
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Hallo ich bins nochmal,OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit: 
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit: 
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 24.02.2011 18:21:21 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x1674  Startzeit der fehlerhaften Anwendung: 0x01cbd4710630fe08  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 68269c25-4064-11e0-895a-88ae1d9948ab
 
Error - 24.02.2011 18:22:01 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x638  Startzeit der fehlerhaften Anwendung: 0x01cbd47133f8ded4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 7fc42eca-4064-11e0-895a-88ae1d9948ab
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON BX300F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEJE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {324EF666-6162-EB7C-CCD9-902E7CAFF8A8} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1555D05-7B30-E6D9-A36F-989C041808E7} - Internet Explorer
ActiveX: {BE610BFB-BAC9-D822-8375-CEF48B492AAD} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.26 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49}
[2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware
[2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe
[2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
[2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client
[2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home
[2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero
[2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
[2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead
[2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.26 14:15:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.26 14:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.26 14:14:59 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd
[2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
 
========== Files Created - No Company Name ==========
 
[2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd
[2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.06 22:12:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Adobe
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.05 09:24:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Avira
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2010.12.14 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DivX
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2010.12.05 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Google
[2010.12.05 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Identities
[2010.12.05 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Intel Corporation
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2010.12.05 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Macromedia
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Media Center Programs
[2011.02.24 16:45:33 | 000,000,000 | --SD | M] -- C:\Users\eren\AppData\Roaming\Microsoft
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Mozilla
[2011.02.25 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2010.12.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.28 01:43:22 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\eren\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2010.12.09 10:50:27 | 000,016,384 | ---- | M] () -- C:\Users\eren\AppData\Roaming\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\SKEL\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.Console.EXE
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\C_20285Z.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
         
--- --- ---
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 26.02.2011, 13:37   #11
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Hallo ich bins nochmal,OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit: 
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires 
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit: 
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID:   
 
Error - 24.02.2011 18:21:21 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x1674  Startzeit der fehlerhaften Anwendung: 0x01cbd4710630fe08  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 68269c25-4064-11e0-895a-88ae1d9948ab
 
Error - 24.02.2011 18:22:01 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x638  Startzeit der fehlerhaften Anwendung: 0x01cbd47133f8ded4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 7fc42eca-4064-11e0-895a-88ae1d9948ab
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0     Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON BX300F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEJE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {324EF666-6162-EB7C-CCD9-902E7CAFF8A8} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1555D05-7B30-E6D9-A36F-989C041808E7} - Internet Explorer
ActiveX: {BE610BFB-BAC9-D822-8375-CEF48B492AAD} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.26 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49}
[2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware
[2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe
[2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
[2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client
[2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home
[2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero
[2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
[2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead
[2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.26 14:15:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.26 14:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.26 14:14:59 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd
[2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
 
========== Files Created - No Company Name ==========
 
[2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd
[2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.06 22:12:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Adobe
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.05 09:24:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Avira
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2010.12.14 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DivX
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2010.12.05 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Google
[2010.12.05 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Identities
[2010.12.05 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Intel Corporation
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2010.12.05 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Macromedia
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Media Center Programs
[2011.02.24 16:45:33 | 000,000,000 | --SD | M] -- C:\Users\eren\AppData\Roaming\Microsoft
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Mozilla
[2011.02.25 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2010.12.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.28 01:43:22 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\eren\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2010.12.09 10:50:27 | 000,016,384 | ---- | M] () -- C:\Users\eren\AppData\Roaming\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\SKEL\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.Console.EXE
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\C_20285Z.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
         
--- --- ---
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 26.02.2011, 13:58   #12
markusg
/// Malware-holic
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



wunderbar.

download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2011, 14:18   #13
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



du sagtest eben wunderbar darf vielleicht auch wissen was eigentlich passiert ist ?

*alderdings mach ich das mit Malwarebytes komme gleich cucu"
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Alt 26.02.2011, 14:35   #14
markusg
/// Malware-holic
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



ich meinte wunderbar das es mit dem log geklappt hatt
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.02.2011, 14:56   #15
xlexusx
 
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Standard

Problem mit ein Trojaner TR/Crypt.XPACK.Gen3



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5883

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.02.2011 15:56:18
mbam-log-2011-02-26 (15-56-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 281527
Laufzeit: 35 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und entfernt.
__________________
[Acer - Aspire,5742G] -> Arbeitspeicher 4,00 GB -> Systemtyp 64Bit-Betriebssystem -> Prozessor Intel (R) Core (TM) i3 CPU M370 @ 2.40 GHz 2.40 GHz

Antwort

Themen zu Problem mit ein Trojaner TR/Crypt.XPACK.Gen3
100%, antivir, antvir, ausgeführt, böses, erschein, gefunde, html/revir.gen, jedesmal, konnte, laptop, meldung, problem, spybot, systems, systemstart, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen3, tr/pirminay.clx, trojan.fakealert, trojaner, trojaner tr/crypt.xpack.gen, virus, virus meldung, vorgang



Ähnliche Themen: Problem mit ein Trojaner TR/Crypt.XPACK.Gen3


  1. Trojaner tr/crypt.xpack.gen3, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 30.06.2015 (13)
  2. Trojaner tr/crypt.xpack.gen3, Windows Vista
    Alles rund um Windows - 16.06.2015 (1)
  3. Trojaner TR/Crypt.XPACK.Gen3 auf meinem Computer
    Log-Analyse und Auswertung - 08.09.2014 (8)
  4. TR/Crypt.XPACK.Gen3 Trojaner und HTML/ExpKit.Gen3
    Log-Analyse und Auswertung - 14.06.2014 (13)
  5. Trojaner TR/Crypt.XPACK.Gen3 auf Laptop, wie entfernen?
    Log-Analyse und Auswertung - 18.06.2013 (78)
  6. TR/Crypt.XPACK.Gen3 - Trojaner - DSL viel zu langsam
    Log-Analyse und Auswertung - 17.06.2013 (19)
  7. TR/Crypt.XPACK.Gen3 Trojaner
    Log-Analyse und Auswertung - 13.12.2011 (10)
  8. Problem mit TR/Crypt.XPack.Gen3
    Plagegeister aller Art und deren Bekämpfung - 04.11.2011 (45)
  9. TR/Crypt.XPACK.Gen3 Trojaner gefunden!
    Log-Analyse und Auswertung - 26.06.2011 (1)
  10. Trojaner TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 24.06.2011 (3)
  11. Trojaner TR/Crypt.XPACK.Gen3
    Log-Analyse und Auswertung - 09.06.2011 (17)
  12. Problem mit TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 16.11.2010 (17)
  13. Virus + Trojaner ( TR/Crypt.XPACK.Gen3 ?)
    Plagegeister aller Art und deren Bekämpfung - 19.10.2010 (0)
  14. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  15. Problem mit TR/Crypt.XPACK.Gen3 auf Windows-XP !
    Plagegeister aller Art und deren Bekämpfung - 07.10.2010 (14)
  16. hi bin neu und hab dieses problem tr/crypt.Xpack.Gen3
    Plagegeister aller Art und deren Bekämpfung - 28.09.2010 (1)
  17. hi bin neu und hab dieses problem tr/crypt.Xpack.Gen3
    Plagegeister aller Art und deren Bekämpfung - 28.09.2010 (1)

Zum Thema Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 - Mein Antivir zeigt ständig an, dass ein Trojaner namens TR/Crypt.XPACK.Gen3 gefunden wurde. Er wird dann jedes Mal von mir in Quaratäne geschoben , nachdem ich einige Antvir,Spybot, CC ausgeführt habe - Problem mit ein Trojaner TR/Crypt.XPACK.Gen3...
Archiv
Du betrachtest: Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.