
Pests of All Kinds and How to Fight Them: TR/Crypt.XPACK.Gen3

12.03.2011, 00:25   #1
Kay K.
 

TR/Crypt.XPACK.Gen3



Hello there....

I also have a problem with "TR/Crypt.XPACK.Gen3"; my Avira is telling me that I have caught something too.

I don't know much about this, but I took the time to read around the forum a bit and realized this is the right place.

I have already run the Malwarebytes program and the OTL system scan... man, I have a headache.

Here is the message from Avira:

Die Datei 'C:\Users\Kay\AppData\Local\Temp\jkkheb.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48a8011d.qua' verschoben!

Here are the OTL files:

OTL Extras logfile created on: 11.03.2011 23:45:51 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,69 Gb Free Space | 36,35% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS

Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0997051B-6242-4D29-8087-5DE5D075D267}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F7B12D1-2CEB-4DC2-931D-A3E7F969BF48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{281568E5-2B01-4292-9E90-6ABE1DA3008A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2936B9F2-6421-45C4-A2CC-423CA8420590}" = lport=137 | protocol=17 | dir=in | app=system |
"{33772836-517D-4C04-A1D9-81C6D773F48F}" = rport=445 | protocol=6 | dir=out | app=system |
"{579C7702-C5DD-4454-A537-1487F4A4AD75}" = rport=139 | protocol=6 | dir=out | app=system |
"{674606E0-CF3B-4DFD-A5AC-FA49588B3A37}" = lport=138 | protocol=17 | dir=in | app=system |
"{6E27FB57-4D8E-4B6A-BEB8-BAAFA428F0C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7497BCA1-589A-438C-AD93-1726D6CFC71D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7CD0DB40-B06A-427F-9E77-CD0E5A052D3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FAA178D-98F8-4910-8B86-8B92368C78DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{80943857-A802-4F43-9A43-CFCF35C9621E}" = lport=139 | protocol=6 | dir=in | app=system |
"{828057CE-05FE-42DE-99B1-A96A879BC26A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E23D99D-25F3-4C45-8D82-F1B60B95CC73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{962676DB-4B5D-4BAF-844F-90C254A79203}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D75D204-0005-41E5-B9E1-DA18EBC382D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B5601ACB-7977-4DFE-8695-DE1911492995}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C32ECFAE-0DD2-4A0C-A69D-A27DE246CC42}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C91111C3-92BD-4F84-B5E6-0544C8692E18}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CF8B5008-0900-4406-905B-B5C8BB9F82E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{F718E3FC-4D29-438E-B26E-2322440440E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7E598CD-6538-4EA2-85F9-45D48F7562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEDAE504-4D07-42E6-88FB-CE7581B42F99}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE51B8-A735-4E6E-9F4D-B139B342B798}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{072723F4-9127-4452-8360-4BFEFF2DFF33}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{116A830A-D020-4D63-B666-D1E564510058}" = protocol=6 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe |
"{128D4230-8DC2-4758-8D6C-E85215EC84B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{20098CB2-6EC4-4B2E-B1D6-296FE7D83060}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2AAB555C-9A68-4E69-AEC2-A96E2BB60D0F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3014177A-3449-47A0-BCCF-0D0592514ECF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{34DF5A76-F01E-4F0A-B29D-894DFF8A1A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37D1BFB5-86B2-4CBB-9919-BFC568051CF8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3DC450DA-B9FA-4764-B2EA-F55A95223A0E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3E14BB6E-3682-417F-84BF-E806DB3E1A44}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3FA88C91-F072-4FBC-B5EC-3B2DBD1FA7AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3FCB5AE7-09D0-4A8F-9E10-538F1E57BBAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4146681E-11E0-4177-8212-2D73E4A60A1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4491238A-3850-4FE0-8AB5-A098B19D43F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48837EC7-9128-417D-8130-D15FF6B97C40}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{56AB5851-47F2-4EAD-9B8B-F92A975109D7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{5708650B-93B2-4EBB-A746-A511646E7818}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A1B7D1F-95AD-46CD-AF7F-62399525E4CF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5B9F157B-FE41-420C-ACC4-80D0CA7EDAA8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5DD128C5-72CB-4214-BDAC-4A7569D0CBC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5EAAF6FC-E1A4-4CBD-82F6-E2BEE7ED9B64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5F0D5E1E-CD2C-4FFF-AFFA-9A6E4AE20260}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6F1D632C-C842-4BCC-98DC-7B3BB698DFA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{82DAD9D6-4EBA-473E-8A68-BE7E19E0ED09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8AC253EF-2477-4127-B1E0-E91FB3B29919}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B63EF71-4AC9-4DC5-87DC-0FE02FC11B43}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{8BDD2911-7D6C-4B6E-A0B3-605AA6A12CCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C506EF2-2387-43E4-B91C-4D614776CF9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CBAF7FB-23BD-40E4-BF66-D4A94726DEA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9FCC3E62-7102-4CCA-A40B-A8A6FAC5C9E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{A19FFC8F-3498-4565-BB75-7848280F52E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{A8A13160-70AE-446D-ACC9-500865B17514}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{AA018E60-B4E0-4056-A4CA-C0A2A7D7A8D0}" = protocol=17 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe |
"{B2129303-F439-43B7-A898-1DB92BFE13B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{C1537E89-F7BA-48BB-99AD-86A97C178555}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C308FE1E-F736-4D68-828C-47ADF5D2EC10}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C542A1B6-70ED-4EF4-8FC2-8EC1083083C6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{CC01D276-ABE9-4B32-A963-F2A809A4EBCB}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{CF8DFE59-ED84-4915-B625-A303B7DAFF8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D2F57522-ABB8-4CCD-92B4-9991D47ED470}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D634A6D0-087F-4BD0-A3C4-151AF8C01FCD}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{DBA9BC6D-4637-4393-8DE1-BD9CDA217E72}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{E0DCBF8A-8EE2-4454-949E-B9B8F5A955D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2319906-F246-4CEE-966E-B00F6046F30C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{E2C30BB0-AF80-4AF1-A36F-717AB2FAE6E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2D217DF-0F16-4ABC-935D-38611FDF23BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3217537-631B-4280-80C0-678DBE62A61F}" = protocol=6 | dir=out | app=system |
"{FB7D267C-705E-4419-AC69-CAFCA109CFAF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{4CCBEF83-A1BE-4B0E-AF1D-A77F065F3140}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{ED032D03-25AD-452A-A4FE-CC62129AEA71}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{235E349C-74FB-488D-933A-35311ACEAC81}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{BD7EDC30-EFBA-4D8B-8988-EB8E3E8E07C3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.4.7.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.03.2011 16:54:45 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =

Error - 11.03.2011 16:54:45 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =

Error - 11.03.2011 16:54:54 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =

Error - 11.03.2011 16:57:32 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 11.03.2011 16:57:33 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 57908

Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57908

Error - 11.03.2011 18:36:57 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.03.2011 09:33:54 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 09:33:59 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.03.2011 09:34:18 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =

Error - 11.03.2011 16:33:12 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 16:33:22 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.03.2011 16:33:39 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =

Error - 11.03.2011 16:57:36 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 16:57:37 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 18:37:01 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

__________
OTL logfile created on: 11.03.2011 23:45:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,69 Gb Free Space | 36,35% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS

Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kay\Videos\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
Description =

Error - 11.03.2011 09:34:18 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =

Error - 11.03.2011 16:33:12 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 16:33:22 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.03.2011 16:33:39 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =

Error - 11.03.2011 16:57:36 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 16:57:37 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11.03.2011 18:37:01 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Users\Kay\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (SafeList) ==========

MOD - C:\Users\Kay\Videos\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.31 19:14:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.03 22:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.03 22:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 20:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 20:37:42 | 000,000,000 | ---D | M]

[2009.04.17 13:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions
[2011.03.11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions
[2010.04.27 15:03:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.09 13:51:05 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\firefox@tvunetworks.com
[2011.03.11 14:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-1.xml
[2009.08.23 11:07:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-2.xml
[2009.09.14 16:50:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-3.xml
[2009.10.29 21:22:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-4.xml
[2010.02.04 09:42:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-5.xml
[2009.08.02 19:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin.xml
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.27 23:45:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.03 22:47:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.02.03 22:47:51 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.10.20 14:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.14 08:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.05 00:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.10.09 12:30:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.09 12:30:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.06 19:15:49 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.09 12:30:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.09 12:30:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.09 12:30:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.11 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Malwarebytes
[2011.03.11 23:11:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 23:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.11 23:11:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.10 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\vlc
[2011.03.10 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.09 14:51:47 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 14:51:47 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 14:51:47 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 14:51:47 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 22:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.05 22:04:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.05 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.05 21:33:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.05 21:33:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.05 21:28:44 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.02.27 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik neu
[2011.02.24 06:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 06:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 06:29:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 06:29:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 06:29:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 06:28:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 06:28:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 06:28:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 06:28:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 06:28:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 06:28:41 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 06:28:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 06:28:41 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 06:28:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 06:28:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik
[2011.02.15 06:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\party
[2009.07.02 09:33:10 | 401,192,504 | ---- | C] (Nero AG) -- C:\Users\Kay\AppData\Roaming\Nero-9.4.13.2b_trial.exe
[2009.04.17 12:57:06 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009.04.17 12:54:52 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.04.17 12:54:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.03.25 21:59:55 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.11 23:37:22 | 000,084,091 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\nvModes.001
[2011.03.11 23:36:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 23:36:34 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 23:34:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.11 23:33:41 | 000,002,631 | ---- | M] () -- C:\Users\Kay\Desktop\Microsoft Office Word 2007.lnk
[2011.03.11 23:11:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 22:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job
[2011.03.11 06:56:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 06:56:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 06:56:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 06:56:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.10 21:01:59 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | M] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 18:55:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job
[2011.02.22 00:41:08 | 000,007,592 | ---- | M] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2011.02.20 18:20:42 | 000,137,216 | ---- | M] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.10 07:20:32 | 000,313,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.11 23:11:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.10 21:01:59 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.24 06:28:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 06:28:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.24 06:28:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.09.03 18:55:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.12 07:18:42 | 000,185,496 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010.07.12 07:18:42 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010.07.11 12:15:03 | 000,185,117 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010.07.11 12:15:03 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2009.08.23 10:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.23 10:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 00:19:19 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.03 00:19:19 | 000,022,328 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\PnkBstrK.sys
[2009.08.03 00:19:05 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.03 00:19:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.03 00:19:03 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.27 23:28:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.06.08 15:07:58 | 000,007,592 | ---- | C] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2009.06.01 12:13:31 | 000,000,334 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wklnhst.dat
[2009.05.22 22:12:12 | 000,031,007 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\UserTile.png
[2009.04.23 07:22:20 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat
[2009.04.18 09:26:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.17 14:20:57 | 000,137,216 | ---- | C] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.17 14:16:28 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.001
[2009.04.17 14:16:26 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.dat
[2009.04.17 13:43:55 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.04.17 12:57:06 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009.04.15 19:56:39 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2009.04.15 19:56:10 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009.04.15 11:01:25 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.04.15 11:01:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.25 21:59:55 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,313,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.#
[2009.04.17 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer
[2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer GameZone Console
[2010.08.31 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Bytemobile
[2009.04.21 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\FloodLightGames
[2009.05.12 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gaijin Ent
[2011.01.29 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gutscheinmieze
[2011.03.10 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\ICQ
[2009.04.20 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\iWin
[2011.01.29 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Local
[2009.10.20 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\OpenOffice.org
[2009.06.01 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Template
[2009.08.27 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone
[2010.08.31 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone Mobile Connect
[2011.03.11 23:34:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7

< End of report >

I hope someone can help me. I have absolutely no idea what all of this means; probably only the pros can make sense of it..

Regards
Kay
Thanks in advance...

Alt 12.03.2011, 12:46   #2
cosinus

Hi,

1. Please post all logs from Malwarebytes.
2. Please also supply the other OTL log; you only posted the Extras.

Alt 13.03.2011, 14:17   #3
Kay K.
 

Hi cosinus... I think it's really great that I got an answer so quickly...

Re 1.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6027

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.03.2011 23:33:01
mbam-log-2011-03-11 (23-33-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173068
Laufzeit: 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmllllaudio (Trojan.Agent) -> Value: pmllllaudio -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssromnsys (Trojan.Agent) -> Value: ssromnsys -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Kay\AppData\Local\Temp\jkkheb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

Re 2. OTL logfile:
OTL logfile created on: 13.03.2011 14:11:32 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,59 Gb Free Space | 36,26% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
 
Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.13 14:10:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Videos\OTL(2).exe
PRC - [2011.03.05 20:37:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.17 12:34:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.17 12:34:39 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.17 12:34:39 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.04.17 12:33:50 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Kay\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2008.03.24 18:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.02.25 17:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.02.25 17:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.01.24 03:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.24 03:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2008.01.22 10:14:24 | 000,200,704 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.11.22 09:01:00 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.11.22 09:01:00 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.10.10 06:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.09.28 18:18:24 | 000,233,472 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.05.16 08:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.05.16 08:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.13 14:10:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Videos\OTL(2).exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.01.17 12:34:39 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.17 12:34:39 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.02.25 17:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.20 11:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.12.19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.11.27 18:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.11.22 09:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.10.01 16:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.09.28 18:18:24 | 000,233,472 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.09.20 13:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.12.14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.01.17 12:34:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.17 12:34:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.29 16:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 16:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.09 12:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.03.11 03:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.15 16:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.24 03:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008.01.24 03:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.04 16:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.12.28 01:21:30 | 000,026,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310)
DRV - [2007.12.28 01:21:24 | 000,042,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2007.10.31 03:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.03 09:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.06.12 09:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.31 19:14:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.03 22:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.03 22:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 20:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 20:37:42 | 000,000,000 | ---D | M]
 
[2009.04.17 13:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions
[2011.03.11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions
[2010.04.27 15:03:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.09 13:51:05 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\firefox@tvunetworks.com
[2011.03.11 14:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-1.xml
[2009.08.23 11:07:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-2.xml
[2009.09.14 16:50:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-3.xml
[2009.10.29 21:22:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-4.xml
[2010.02.04 09:42:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-5.xml
[2009.08.02 19:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin.xml
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.27 23:45:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.03 22:47:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.02.03 22:47:51 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.10.20 14:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.14 08:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.05 00:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.10.09 12:30:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.09 12:30:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.06 19:15:49 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.09 12:30:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.09 12:30:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.09 12:30:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.11 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Malwarebytes
[2011.03.11 23:11:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 23:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.11 23:11:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.10 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\vlc
[2011.03.10 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.09 14:51:47 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 14:51:47 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 14:51:47 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 14:51:47 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 22:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.05 22:04:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.05 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.05 21:33:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.05 21:33:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.05 21:28:44 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.02.27 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik neu
[2011.02.24 06:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 06:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 06:29:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 06:29:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 06:29:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 06:28:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 06:28:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 06:28:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 06:28:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 06:28:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 06:28:41 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 06:28:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 06:28:41 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 06:28:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 06:28:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik
[2011.02.15 06:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\party
[2009.07.02 09:33:10 | 401,192,504 | ---- | C] (Nero AG) -- C:\Users\Kay\AppData\Roaming\Nero-9.4.13.2b_trial.exe
[2009.04.17 12:57:06 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009.04.17 12:54:52 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.04.17 12:54:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.03.25 21:59:55 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.13 13:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job
[2011.03.13 13:18:25 | 000,084,091 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\nvModes.001
[2011.03.13 13:18:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 13:18:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 13:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.13 13:17:57 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.12 22:30:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.12 18:55:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job
[2011.03.11 23:33:41 | 000,002,631 | ---- | M] () -- C:\Users\Kay\Desktop\Microsoft Office Word 2007.lnk
[2011.03.11 23:11:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 06:56:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 06:56:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 06:56:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 06:56:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.10 21:01:59 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | M] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.22 00:41:08 | 000,007,592 | ---- | M] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2011.02.20 18:20:42 | 000,137,216 | ---- | M] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.11 23:11:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.10 21:01:59 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.24 06:28:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 06:28:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.24 06:28:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.09.03 18:55:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.12 07:18:42 | 000,185,496 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010.07.12 07:18:42 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010.07.11 12:15:03 | 000,185,117 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010.07.11 12:15:03 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2009.08.23 10:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.23 10:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 00:19:19 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.03 00:19:19 | 000,022,328 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\PnkBstrK.sys
[2009.08.03 00:19:05 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.03 00:19:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.03 00:19:03 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.27 23:28:59 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.06.08 15:07:58 | 000,007,592 | ---- | C] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2009.06.01 12:13:31 | 000,000,334 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wklnhst.dat
[2009.05.22 22:12:12 | 000,031,007 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\UserTile.png
[2009.04.23 07:22:20 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat
[2009.04.18 09:26:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.17 14:20:57 | 000,137,216 | ---- | C] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.17 14:16:28 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.001
[2009.04.17 14:16:26 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.dat
[2009.04.17 13:43:55 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.04.17 12:57:06 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2009.04.15 19:56:39 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2009.04.15 19:56:10 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009.04.15 11:01:25 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.04.15 11:01:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.25 21:59:55 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,313,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.#
[2009.04.17 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer
[2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer GameZone Console
[2010.08.31 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Bytemobile
[2009.04.21 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\FloodLightGames
[2009.05.12 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gaijin Ent
[2011.01.29 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gutscheinmieze
[2011.03.10 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\ICQ
[2009.04.20 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\iWin
[2011.01.29 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Local
[2009.10.20 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\OpenOffice.org
[2009.06.01 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Template
[2009.08.27 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone
[2010.08.31 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone Mobile Connect
[2011.03.12 22:30:16 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 13.03.2011 14:11:32 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,59 Gb Free Space | 36,26% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
 
Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0997051B-6242-4D29-8087-5DE5D075D267}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F7B12D1-2CEB-4DC2-931D-A3E7F969BF48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{281568E5-2B01-4292-9E90-6ABE1DA3008A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2936B9F2-6421-45C4-A2CC-423CA8420590}" = lport=137 | protocol=17 | dir=in | app=system | 
"{33772836-517D-4C04-A1D9-81C6D773F48F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{579C7702-C5DD-4454-A537-1487F4A4AD75}" = rport=139 | protocol=6 | dir=out | app=system | 
"{674606E0-CF3B-4DFD-A5AC-FA49588B3A37}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6E27FB57-4D8E-4B6A-BEB8-BAAFA428F0C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7497BCA1-589A-438C-AD93-1726D6CFC71D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7CD0DB40-B06A-427F-9E77-CD0E5A052D3A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7FAA178D-98F8-4910-8B86-8B92368C78DD}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{80943857-A802-4F43-9A43-CFCF35C9621E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{828057CE-05FE-42DE-99B1-A96A879BC26A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8E23D99D-25F3-4C45-8D82-F1B60B95CC73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{962676DB-4B5D-4BAF-844F-90C254A79203}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D75D204-0005-41E5-B9E1-DA18EBC382D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B5601ACB-7977-4DFE-8695-DE1911492995}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C32ECFAE-0DD2-4A0C-A69D-A27DE246CC42}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C91111C3-92BD-4F84-B5E6-0544C8692E18}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CF8B5008-0900-4406-905B-B5C8BB9F82E6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F718E3FC-4D29-438E-B26E-2322440440E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7E598CD-6538-4EA2-85F9-45D48F7562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FEDAE504-4D07-42E6-88FB-CE7581B42F99}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EE51B8-A735-4E6E-9F4D-B139B342B798}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{072723F4-9127-4452-8360-4BFEFF2DFF33}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{116A830A-D020-4D63-B666-D1E564510058}" = protocol=6 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | 
"{128D4230-8DC2-4758-8D6C-E85215EC84B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{20098CB2-6EC4-4B2E-B1D6-296FE7D83060}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2AAB555C-9A68-4E69-AEC2-A96E2BB60D0F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{3014177A-3449-47A0-BCCF-0D0592514ECF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{34DF5A76-F01E-4F0A-B29D-894DFF8A1A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37D1BFB5-86B2-4CBB-9919-BFC568051CF8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{3DC450DA-B9FA-4764-B2EA-F55A95223A0E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{3E14BB6E-3682-417F-84BF-E806DB3E1A44}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3FA88C91-F072-4FBC-B5EC-3B2DBD1FA7AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3FCB5AE7-09D0-4A8F-9E10-538F1E57BBAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4146681E-11E0-4177-8212-2D73E4A60A1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4491238A-3850-4FE0-8AB5-A098B19D43F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{48837EC7-9128-417D-8130-D15FF6B97C40}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{56AB5851-47F2-4EAD-9B8B-F92A975109D7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5708650B-93B2-4EBB-A746-A511646E7818}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A1B7D1F-95AD-46CD-AF7F-62399525E4CF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5B9F157B-FE41-420C-ACC4-80D0CA7EDAA8}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5DD128C5-72CB-4214-BDAC-4A7569D0CBC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EAAF6FC-E1A4-4CBD-82F6-E2BEE7ED9B64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F0D5E1E-CD2C-4FFF-AFFA-9A6E4AE20260}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6F1D632C-C842-4BCC-98DC-7B3BB698DFA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{82DAD9D6-4EBA-473E-8A68-BE7E19E0ED09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8AC253EF-2477-4127-B1E0-E91FB3B29919}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B63EF71-4AC9-4DC5-87DC-0FE02FC11B43}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{8BDD2911-7D6C-4B6E-A0B3-605AA6A12CCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9C506EF2-2387-43E4-B91C-4D614776CF9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CBAF7FB-23BD-40E4-BF66-D4A94726DEA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9FCC3E62-7102-4CCA-A40B-A8A6FAC5C9E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A19FFC8F-3498-4565-BB75-7848280F52E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{A8A13160-70AE-446D-ACC9-500865B17514}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{AA018E60-B4E0-4056-A4CA-C0A2A7D7A8D0}" = protocol=17 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | 
"{B2129303-F439-43B7-A898-1DB92BFE13B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{C1537E89-F7BA-48BB-99AD-86A97C178555}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C308FE1E-F736-4D68-828C-47ADF5D2EC10}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{C542A1B6-70ED-4EF4-8FC2-8EC1083083C6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{CC01D276-ABE9-4B32-A963-F2A809A4EBCB}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{CF8DFE59-ED84-4915-B625-A303B7DAFF8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2F57522-ABB8-4CCD-92B4-9991D47ED470}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D634A6D0-087F-4BD0-A3C4-151AF8C01FCD}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{DBA9BC6D-4637-4393-8DE1-BD9CDA217E72}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E0DCBF8A-8EE2-4454-949E-B9B8F5A955D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E2319906-F246-4CEE-966E-B00F6046F30C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{E2C30BB0-AF80-4AF1-A36F-717AB2FAE6E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2D217DF-0F16-4ABC-935D-38611FDF23BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3217537-631B-4280-80C0-678DBE62A61F}" = protocol=6 | dir=out | app=system | 
"{FB7D267C-705E-4419-AC69-CAFCA109CFAF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{4CCBEF83-A1BE-4B0E-AF1D-A77F065F3140}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{ED032D03-25AD-452A-A4FE-CC62129AEA71}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{235E349C-74FB-488D-933A-35311ACEAC81}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{BD7EDC30-EFBA-4D8B-8988-EB8E3E8E07C3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.4.7.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.03.2011 11:42:32 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 501059
 
Error - 12.03.2011 13:47:42 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.03.2011 13:47:43 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2011 15:37:32 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.03.2011 15:37:33 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.03.2011 16:08:57 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 12.03.2011 16:40:46 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.03.2011 16:40:47 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2011 08:18:54 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.03.2011 08:19:03 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 12.03.2011 13:47:45 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.03.2011 15:37:33 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.03.2011 15:37:34 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.03.2011 15:37:42 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description = 
 
Error - 12.03.2011 16:40:47 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.03.2011 16:40:47 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 12.03.2011 16:40:48 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description = 
 
Error - 13.03.2011 08:18:54 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.03.2011 08:19:04 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 13.03.2011 08:23:15 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

I hope you can help me with this.......

Regards, Kay

13.03.2011, 14:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

13.03.2011, 19:20   #5
Kay K.

Hey Arne...
here is the full scan report...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6042

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.03.2011 17:53:05
mbam-log-2011-03-13 (17-53-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327169
Laufzeit: 1 Stunde(n), 14 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Question: Does this mean I have no infected objects and everything is fine on my machine?

Regards, Kay


13.03.2011, 19:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any other logs from Malwarebytes? If so, please post all of them. You will find them on the Logs tab ("Logdateien") in Malwarebytes.

13.03.2011, 19:50   #7
Kay K.

Hey Arne...
here is the full scan report...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6042

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.03.2011 17:53:05
mbam-log-2011-03-13 (17-53-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 327169
Laufzeit: 1 Stunde(n), 14 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Question: Does that mean I have no infected objects and everything is fine on my machine?

Regards, Kay

14.03.2011, 09:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
[2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll
[2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.#
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

14.03.2011, 14:10   #9
Kay K.

Hi Arne...
everything worked as described...
Here is the file...

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878e8805-4af7-11de-a086-001b24d1914f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878e8805-4af7-11de-a086-001b24d1914f}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Windows\System32\msxml6rd.dll moved successfully.
C:\Users\Kay\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Journal

User: Kay
->Temp folder emptied: 5693458152 bytes
->Java cache emptied: 58219663 bytes
->FireFox cache emptied: 70657779 bytes
->Google Chrome cache emptied: 8331582 bytes
->Apple Safari cache emptied: 3681280 bytes
->Flash cache emptied: 189538 bytes

User: Public

User: RegBack

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36184601 bytes
RecycleBin emptied: 230069 bytes

Total Files Cleaned = 5.599,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03142011_140320

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I hope that is what you meant...

Regards, Kay
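
Added example (not part of the original thread and not OTL's own code): a Python cross-check of the fix script from post #8 against the fix log from post #9, so that each scripted target is reported as confirmed, only "not found", or missing from the log. The function names are hypothetical; the sample log is an excerpt of the log above with two lines deliberately left out (constructed) to produce the two non-success results. O32 lines and the :Commands section are not covered.

```python
import re
from collections import defaultdict

# Excerpt of the fix script from the thread (same line formats, fewer entries).
FIX_SCRIPT = r"""
:OTL
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
[2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
:Commands
[emptytemp]
"""

# Excerpt of the fix log from the thread. Constructed difference: the
# "deleted successfully" line for MountPoints2\G and the ADS line are omitted.
FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ deleted successfully.
File .\recycled\info.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
C:\Windows\System32\msxml6rd.dll moved successfully.
"""

# One capture group per script line type: the thing OTL is asked to remove.
SCRIPT_PATTERNS = [
    ("mountpoint", re.compile(r"^O33 - MountPoints2\\([^\\]+)\\")),
    ("file", re.compile(r"^\[[^\]]*\]\s*(?:\(.*?\)\s*)?--\s*(.+)$")),
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")),
]

# Two capture groups per log line type: the target and the reported outcome.
LOG_PATTERNS = [
    ("mountpoint", re.compile(
        r"^Registry key HKEY_CURRENT_USER\\.*\\MountPoints2\\([^\\]+)\\ "
        r"(deleted successfully|not found)\.$")),
    ("ads", re.compile(r"^ADS (.+) (deleted successfully)\.$")),
    ("file", re.compile(r"^(.+?)(?: folder)? (moved successfully)\.$")),
]

SUCCESS = {"deleted successfully", "moved successfully"}


def script_targets(script):
    """Return the set of (kind, target) pairs listed in the :OTL section."""
    targets, in_otl = set(), False
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):          # section marker such as :OTL or :Commands
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl:
            continue
        for kind, pattern in SCRIPT_PATTERNS:
            match = pattern.match(line)
            if match:
                targets.add((kind, match.group(1).lower()))
                break
    return targets


def log_outcomes(log):
    """Map each (kind, target) seen in the log to the set of outcomes reported."""
    outcomes = defaultdict(set)
    for line in (raw.strip() for raw in log.splitlines()):
        for kind, pattern in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                outcomes[(kind, match.group(1).lower())].add(match.group(2))
                break
    return outcomes


def cross_check(script, log):
    """Classify every scripted target by what the fix log says about it."""
    outcomes = log_outcomes(log)
    report = {"confirmed": [], "not_found_only": [], "missing": []}
    for target in sorted(script_targets(script)):
        seen = outcomes.get(target, set())
        if seen & SUCCESS:
            # A later "not found" for the same key is expected: the script lists
            # each MountPoints2 key twice and the first line already removed it.
            report["confirmed"].append(target)
        elif seen:
            report["not_found_only"].append(target)
        else:
            report["missing"].append(target)
    return report


if __name__ == "__main__":
    for status, items in cross_check(FIX_SCRIPT, FIX_LOG).items():
        for kind, target in items:
            print(f"{status:15} {kind:10} {target}")
```
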

14.03.2011, 14:13   #10
Kay K.

Is there anything else to do now???

14.03.2011, 14:22   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

18.03.2011, 07:01   #12
Kay K.

Hello Cosinus

so the problem has not come back so far... I ran another check and now Avira tells me... "no detections" hmmm... I think the problem was resolved by the fix with Malwarebytes....

but I thank you anyway for your help.. great that it all went so quickly...
I can only recommend it

Regards, Kay

18.03.2011, 12:11   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run CF!!

18.03.2011, 15:06   #14
Kay K.

Hey Cosinus..
here is the text from CF:

Combofix Logfile:
Code:
ComboFix 11-03-17.02 - Kay 18.03.2011  14:45:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.990 [GMT 1:00]
ausgeführt von:: c:\users\Kay\Videos\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kay\AppData\Roaming\Local
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\82b659de07fb7dab5cd24ccbef0ec5a8.avi.ddr
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\e200708b58a32d8f446a58ce5ee0d17e.avi.ddr
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\82b659de07fb7dab5cd24ccbef0ec5a8.avi
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\e200708b58a32d8f446a58ce5ee0d17e.avi.ddp
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Kay\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\Kay\videos\avira_antivir_personal_de.exe
c:\users\Kay\videos\AVSVideoConverter71.exe
c:\users\Kay\videos\BitTorrent-7.0.exe
c:\users\Kay\videos\ComboFix.exe
c:\users\Kay\videos\DivXInstaller.exe
c:\users\Kay\videos\DivXInstaller812.exe
c:\users\Kay\videos\DVDShrink_3.2_Deutsch-Setup.exe
c:\users\Kay\videos\eMule0.50a-Installer.exe
c:\users\Kay\videos\FreeYouTubeToMP3Converter32.exe
c:\users\Kay\videos\install_flash_player.exe
c:\users\Kay\videos\install_icq7.exe
c:\users\Kay\videos\iTunesSetup(2).exe
c:\users\Kay\videos\iTunesSetup.exe
c:\users\Kay\videos\Kids Art Emoticons Setup.exe
c:\users\Kay\videos\l33t.exe
c:\users\Kay\videos\mbam-setup.exe
c:\users\Kay\videos\OOo_3.1.1_Win32Intel_install_wJRE_de.exe
c:\users\Kay\videos\OTL(2).exe
c:\users\Kay\videos\OTL.exe
c:\users\Kay\videos\PS_AIO_03_C4400_NonNet_Basic_Win_deu_110_175_NB.exe
c:\users\Kay\videos\ratDVDSetup-0.78.1444.exe
c:\users\Kay\videos\SUPERsetup38.exe
c:\users\Kay\videos\SweetImSetup.exe
c:\users\Kay\videos\Utorrent3.0Alpha.exe
c:\users\Kay\videos\wlsetup-web.exe
c:\users\Kay\videos\wlsetup-web_8064.exe
c:\users\Kay\videos\wrar380d.exe
c:\users\Kay\videos\youtube_music_downloader.exe
c:\users\Kay\videos\YouTubeDownloaderSetup257.exe
c:\users\Kay\videos\YouTubeDownloaderSetup265.exe
c:\windows\ST6UNST.000
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-18 bis 2011-03-18  ))))))))))))))))))))))))))))))
.
.
2011-03-18 13:23 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5ED4D6A-9799-4E18-8C12-284D3D4D4034}\mpengine.dll
2011-03-17 21:39 . 2011-03-17 21:39	--------	d-----w-	c:\program files\iPod
2011-03-14 13:03 . 2011-03-14 13:03	--------	d-----w-	C:\_OTL
2011-03-11 22:11 . 2011-03-11 22:11	--------	d-----w-	c:\users\Kay\AppData\Roaming\Malwarebytes
2011-03-11 22:11 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 22:11 . 2011-03-11 22:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-11 22:11 . 2011-03-11 22:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-11 22:11 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-10 20:03 . 2011-03-10 20:03	--------	d-----w-	c:\users\Kay\AppData\Roaming\vlc
2011-03-09 13:51 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 13:51 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 13:51 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 13:51 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 13:51 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 13:51 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-05 21:05 . 2011-03-05 21:05	--------	d-----w-	c:\program files\Common Files\Java
2011-03-05 20:33 . 2011-03-17 21:40	--------	d-----w-	c:\program files\iTunes
2011-03-05 20:28 . 2011-03-05 20:28	--------	d-----w-	c:\program files\Bonjour
2011-02-24 05:29 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
2011-02-24 05:29 . 2009-10-09 21:56	12800	----a-w-	c:\windows\system32\wsmprovhost.exe
2011-02-24 05:29 . 2009-10-09 21:56	20480	----a-w-	c:\windows\system32\winrshost.exe
2011-02-24 05:29 . 2009-10-09 21:56	40448	----a-w-	c:\windows\system32\winrs.exe
2011-02-18 15:36 . 2011-02-18 15:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 13:44 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 20:40 . 2010-06-14 14:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-08 19:06	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 14:04	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 14:04	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 14:04	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 14:04	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 14:04	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 14:04	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 14:04	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 14:04	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 14:04	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 14:04	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 14:04	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 14:04	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 14:04	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 14:04	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 14:04	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 14:04	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 14:04	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 14:04	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 14:04	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 14:04	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 14:04	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 14:04	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 14:04	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 14:04	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 14:04	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 14:04	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 14:04	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 14:04	797184	----a-w-	c:\windows\system32\FntCache.dll
2011-01-17 11:34 . 2009-06-27 19:55	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-01-17 11:34 . 2009-06-27 19:55	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-01-08 08:47 . 2011-02-09 14:01	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 14:01	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 14:04	2039808	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-11 18:14	413696	----a-w-	c:\windows\system32\odbc32.dll
2010-12-23 19:02 . 2010-12-23 19:02	1222408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-20 16:36 . 2011-02-09 14:03	834048	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 15:37 . 2011-02-09 14:03	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-12-20 14:55 . 2011-02-09 14:03	389632	----a-w-	c:\windows\system32\html.iec
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00	39472	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-28 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-17 281768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-01-02 13:17	707080	----a-w-	c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 18:24	32768	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-18 08:32	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-17 135336]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-12-28 26752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-12-28 42752]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job
- c:\users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-28 09:40]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job
- c:\users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-28 09:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
FF - ProfilePath - c:\users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-18 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(3788)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-18  15:04:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-18 14:04
.
Vor Suchlauf: 15 Verzeichnis(se), 50.738.139.136 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 50.243.518.464 Bytes frei
.
- - End Of File - - 3E1DA62550FE76C98F4EBE1BB921BDC0
         
--- --- ---

No idea what you do with that... but I'm not even asking anymore

Regards, kay

Alt 18.03.2011, 15:19   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
