Trojaner-Board


hellmchen 16.12.2011 16:23

Ukash BKA Trojan 2.0 has paralyzed my PC
 
Hi, I somehow picked up the BKA trojan and can't get rid of it.
I already tried the avirus de cleaner, but it didn't help.
I also couldn't run it in safe mode, because my laptop simply shuts itself off after 10 minutes when I'm in safe mode. I had to run it with a normal start, and that only worked because I was apparently quick enough to block the right exe files with the Task Manager.

Now I need your help, and I'm pretty much a layman.
It would be nice if you could explain the whole OTL thing to me.

Regards, hellmchen

markusg 16.12.2011 16:33

Hi, if you are able to work on the machine at the moment, do the following:
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

hellmchen 17.12.2011 00:13

OTL.txt OTL Logfile:
Code:

OTL logfile created on: 16.12.2011 16:52:01 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 44,89% Memory free
5,15 Gb Paging File | 3,48 Gb Available in Paging File | 67,59% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 69,88 Gb Free Space | 48,52% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 125,93 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.16 16:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011.09.16 18:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.07.16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011.07.16 11:52:16 | 000,282,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\AllShare\AllShareAgent.exe
PRC - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.05.11 21:36:10 | 001,619,272 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2010.05.11 21:35:58 | 002,528,584 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodtray.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.01.15 17:44:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 14:54:38 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.10.09 10:48:21 | 003,438,592 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008.10.09 10:48:12 | 003,521,024 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008.10.09 10:48:04 | 003,673,600 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2008.08.19 11:26:34 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.07.24 15:54:18 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.07.24 15:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.06.30 16:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.06.17 05:23:24 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.14 16:12:00 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\840f9b4d51622f9f29888aae168a196c\System.ServiceProcess.ni.dll
MOD - [2011.10.19 09:35:18 | 000,762,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8985ef7c12df01b25c53bd80f7103819\System.Runtime.Remoting.ni.dll
MOD - [2011.10.19 09:20:48 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.10.19 09:20:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.10.19 09:19:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.10.19 09:19:47 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011.10.19 09:09:13 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.10.19 09:07:50 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.10.19 09:07:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.10.19 08:55:45 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.10.19 08:54:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.09.10 11:48:23 | 011,106,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
MOD - [2011.09.10 11:47:43 | 003,798,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
MOD - [2011.09.10 11:47:41 | 013,137,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
MOD - [2011.09.10 11:47:05 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
MOD - [2011.09.10 11:45:06 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
MOD - [2011.09.10 11:43:57 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
MOD - [2011.09.10 11:43:54 | 009,085,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
MOD - [2011.09.10 11:24:06 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
MOD - [2009.09.05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Programme\QuickTime\QTSystem\QTCF.dll
MOD - [2009.09.04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.09.04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009.09.04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2008.11.02 19:44:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.11.02 19:44:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.10.09 10:35:37 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3163.29525__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3163.29501__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:37 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3163.29527__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3163.29521__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3163.29512__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3163.29636__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:36 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3163.29612__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3163.29591__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3163.29575__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:22 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3163.29637__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3163.29509__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:21 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3163.29597__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:20 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3163.29571__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3163.29513__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3163.29590__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3163.29576__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3163.29532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3163.29527__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3163.29584__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3163.29579__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3163.29575__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3163.29583__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3163.29576__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3163.29590__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.10.09 10:35:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.10.09 10:35:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3119.30143__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.10.09 10:35:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.10.09 10:35:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.10.09 10:35:11 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3163.29498_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll
MOD - [2008.10.09 10:35:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3163.29648__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.10.09 10:35:10 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3163.29656__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3163.29517__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.10.09 10:35:09 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3163.29629__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3163.29628__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3163.29498__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008.10.09 10:35:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3163.29497__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.10.09 10:35:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.10.09 10:35:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.10.09 10:35:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008.10.09 10:35:09 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008.10.09 10:35:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3163.29495__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.10.09 10:35:08 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3163.29506__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.10.09 10:35:08 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3163.29497__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.10.09 10:35:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3163.29496__90ba9c70f846762e\APM.Server.dll
MOD - [2008.10.09 10:35:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3163.29495__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.10.09 10:35:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.10.09 10:35:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.10.09 10:35:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3163.29629__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.10.09 10:35:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.10.09 10:35:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.24 15:54:20 | 000,757,760 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.07.24 15:54:16 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.07.22 15:13:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.06.30 16:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.07.16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011.07.16 11:56:18 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.05.11 21:36:10 | 001,619,272 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.10.09 10:48:12 | 003,521,024 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.03.10 23:21:32 | 000,103,744 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.12.29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.16 06:05:40 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.10.17 14:49:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/03/20 16:12:30] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.10.09 10:48:07 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.22 15:58:00 | 003,885,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.18 02:09:00 | 000,148,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.28 16:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\chris\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.14 15:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011.12.16 16:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.29 18:49:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.29 18:49:12 | 000,000,000 | ---D | M]
 
[2009.01.16 20:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Extensions
[2011.12.13 14:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions
[2010.11.03 14:12:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 02:13:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 14:57:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.03 14:15:15 | 000,001,196 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\p4zr2t02.default\searchplugins\winamp-search.xml
[2011.11.29 18:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.16 16:49:26 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20111130133251.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [AllShareAgent] C:\Programme\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [avupdate] C:\Users\chris\AppData\Roaming\mahmud.exe (Packard Bell BV)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CD06D75-C533-4034-AF76-58210A84C053}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1F7E87-471E-44B8-84A0-57A07C532C06}: DhcpNameServer = 83.169.184.161 83.169.184.225
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\chris\Pictures\Bwin happy hour hintergrund.jpg
O24 - Desktop BackupWallPaper: C:\Users\chris\Pictures\Bwin happy hour hintergrund.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.16 16:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.12.16 16:47:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.12.15 21:12:44 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Malwarebytes
[2011.12.15 21:12:37 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.15 21:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.15 21:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.15 21:12:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.15 21:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.15 17:37:51 | 000,194,560 | ---- | C] (Packard Bell BV) -- C:\Users\chris\AppData\Roaming\mahmud.exe
[2011.11.29 02:55:32 | 000,000,000 | ---D | C] -- C:\Download
[2011.11.29 02:54:47 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\My Videos
[2011.11.29 02:52:29 | 000,000,000 | ---D | C] -- C:\AllSharePhotoSlide
[2011.11.29 02:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.11.29 02:45:54 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Downloaded Installations
[2008.11.03 03:43:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Users\chris\AppData\Local\*.tmp files -> C:\Users\chris\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.16 16:50:22 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.12.16 16:50:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.16 16:50:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.16 16:50:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.16 16:50:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.16 16:45:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.12.16 16:45:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.16 16:44:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 16:44:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 16:44:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 16:44:17 | 2647,003,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.16 16:44:16 | 000,488,708 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011.12.16 16:37:13 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.16 16:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.12.16 15:35:16 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011.12.16 15:30:30 | 000,006,836 | ---- | M] () -- C:\Users\chris\AppData\Local\d3d9caps.dat
[2011.12.16 15:00:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 19:33:34 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{FB7A7CBD-6314-4D56-9F50-AD4469DCABAC}
[2011.12.15 17:37:51 | 000,194,560 | ---- | M] (Packard Bell BV) -- C:\Users\chris\AppData\Roaming\mahmud.exe
[2011.11.29 18:49:34 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.29 02:54:38 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2 C:\Users\chris\AppData\Local\*.tmp files -> C:\Users\chris\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.16 16:44:17 | 2647,003,136 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.15 21:12:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 19:33:34 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{FB7A7CBD-6314-4D56-9F50-AD4469DCABAC}
[2011.12.13 15:00:14 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.11.29 18:49:34 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.29 02:54:38 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2010.03.16 22:20:35 | 000,000,586 | ---- | C] () -- C:\Windows\wininit.ini
[2009.03.20 16:07:54 | 000,006,836 | ---- | C] () -- C:\Users\chris\AppData\Local\d3d9caps.dat
[2009.03.20 04:01:56 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.02.12 20:06:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.02.12 20:02:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.01.29 01:52:20 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.01.29 01:52:14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009.01.29 01:52:14 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.29 01:52:14 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.29 01:52:11 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.29 00:24:15 | 000,000,920 | ---- | C] () -- C:\Users\chris\AppData\Roaming\wklnhst.dat
[2009.01.16 20:28:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.15 21:08:36 | 000,038,400 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.15 18:26:52 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.01.15 18:26:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.03 03:41:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.03 03:41:42 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.11.03 03:41:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.11.03 03:41:36 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.11.03 03:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.11.03 03:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.11.02 20:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.02 20:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.02 19:44:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.11.02 19:33:23 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.09 11:01:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.09 10:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.10.09 10:48:34 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.10.09 10:39:37 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.10.09 10:39:37 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.10.09 10:39:37 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,298,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.02.27 14:16:43 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\.#
[2008.11.02 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Acer GameZone Console
[2009.01.26 07:40:46 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\iWin
[2011.04.19 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Pyroxi
[2011.11.29 02:54:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Samsung
[2010.11.03 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\streamripper
[2009.01.29 00:24:24 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Template
[2011.04.01 16:07:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Zeeku
[2011.12.16 16:31:37 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.03.18 03:27:43 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.01.15 19:19:29 | 000,000,000 | ---D | M] -- C:\ACER
[2009.01.15 17:41:07 | 000,000,000 | ---D | M] -- C:\ACERSW
[2011.11.29 02:52:29 | 000,000,000 | ---D | M] -- C:\AllSharePhotoSlide
[2008.11.02 20:38:39 | 000,000,000 | ---D | M] -- C:\book
[2008.11.03 03:43:40 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.01.23 14:25:05 | 000,000,000 | ---D | M] -- C:\bwinPoker
[2008.10.09 10:46:36 | 000,000,000 | ---D | M] -- C:\CLSetup
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.15 17:35:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.29 02:55:32 | 000,000,000 | ---D | M] -- C:\Download
[2008.11.02 20:13:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.15 21:12:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.15 21:12:36 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.15 17:35:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.06.17 18:59:55 | 000,000,000 | ---D | M] -- C:\Skat 2095 Special Edition
[2011.12.16 17:06:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.07 00:09:58 | 000,000,000 | ---D | M] -- C:\TEMP
[2009.01.15 17:40:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.16 15:10:39 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.05.28 07:47:08 | 000,171,016 | R--- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\ACER\Preload\Autorun\DRV\AMD VGA Chip RS780MN M82ME-XT M86ME\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_37966648\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.22 15:13:22 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2011.12.16 17:45:50 | 002,097,152 | -HS- | M] () -- C:\Users\chris\ntuser.dat
[2011.12.16 17:45:50 | 000,262,144 | -H-- | M] () -- C:\Users\chris\ntuser.dat.LOG1
[2011.12.15 19:06:22 | 000,262,144 | -H-- | M] () -- C:\Users\chris\ntuser.dat.LOG2
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2011.12.15 19:06:22 | 000,065,536 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2011.12.16 16:31:34 | 000,065,536 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.20 20:52:45 | 000,524,288 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.12.16 16:31:34 | 000,524,288 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.01.15 17:40:48 | 000,000,020 | -HS- | M] () -- C:\Users\chris\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:533D8A6F8B270344
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >

--- --- ---

hellmchen 17.12.2011 00:16

Extra.txt
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 16.12.2011 16:52:01 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 44,89% Memory free
5,15 Gb Paging File | 3,48 Gb Available in Paging File | 67,59% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 69,88 Gb Free Space | 48,52% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 125,93 Gb Free Space | 89,63% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F630C2-C41B-4CBE-8C31-D2C7AED204A8}" = lport=54010 | protocol=6 | dir=in | name=samsung allshare slideshow service |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0225BC7C-83DB-4455-A264-5664B4BD3FA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{17017371-A6DE-4828-A779-7D6DC76F87E5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{23A3C4BC-FF0A-4CC7-BC7C-F168164A21F8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{257B0777-3292-48CD-B611-B72990B75D9B}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{293AAD03-85F4-4F67-8F9F-4E8F8CA3787A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{2BA67EA2-19AD-44A6-95E2-3002B13B1269}" = protocol=17 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
"{47AF73F3-1151-4C96-9548-67F5C3BD01BA}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{48F1979D-619D-4AD2-BAA4-E99A787507B4}" = protocol=6 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
"{524F7873-BBA6-499F-84C2-0936032E8FE4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5F6B9371-EFFC-4207-8E89-BD35184C2146}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{640ACD16-57BC-400A-89C0-9FB41AE16147}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6E6747F2-64F2-4556-806C-747E507D275F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{726740F6-A330-461E-AE63-FB83E3D1DF07}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7D8D9EBA-D05E-47A8-8EBD-5F653F347B6F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{88EA6CF1-2E78-4687-902B-5FC3834CF00C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{89A6E70C-07DD-492D-8FB7-643941326A5B}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{930C6F60-8DD7-4AB3-998B-2E987A853CEB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9DBCC9A3-90F2-40C1-B04A-CF4B6FE2BF1C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{AAAF2C78-63DF-4889-9441-46A0D6BE76C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B340BBCB-3EC6-4461-9EF6-25B67D727AF9}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{B4A8A6E2-08B7-467D-B2B7-365D0C491EE9}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{B8512EFA-C65E-4602-A310-D483EA0F7660}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{E8A0A7B6-374F-4D15-9933-938A33DF6659}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{EB0CFD4D-9C3E-429D-B18A-206B90B305B3}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FA91417E-D4CE-40E6-9609-90B3212C772D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCED06DD-7466-47D2-A985-6EEDEFF33A63}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"TCP Query User{49E2777C-3188-4926-9006-96AC298307E7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{8D6C2AEC-1E52-464C-80F3-B5F9DC91F1C4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{1FFA2FA5-DCD2-41F8-BBDF-083A2ED3202A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{763B339B-EAD3-40BC-BC08-602DE8F62626}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002097BB-4AFC-F885-A061-D674E5A7D586}" = Catalyst Control Center Localization Czech
"{02755AE5-6643-FF3B-E1B9-C35D88D1B519}" = Catalyst Control Center Core Implementation
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D0E5A72-16E4-2976-1BB6-9B1588FD1688}" = CCC Help Danish
"{0D7B6373-8A37-A1FD-8AB0-43AAD69A4173}" = CCC Help Portuguese
"{0DED2BE4-B8D3-6422-613D-79619C997D03}" = CCC Help Czech
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{12F0F9AE-14C1-D9B2-3627-4E7B2E3FCC62}" = Catalyst Control Center Localization Swedish
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13EAEF04-7E24-F813-9F5E-588ABAB48DDF}" = Catalyst Control Center Localization Spanish
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1F9DFBC7-D9C5-2F90-EB8C-1BFAA992A264}" = CCC Help Spanish
"{223E1972-08A7-6232-B8BF-AEFB0D55F131}" = Catalyst Control Center Graphics Full New
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{28043791-BCD6-349E-1358-74E91F0CC056}" = CCC Help Japanese
"{28C0E907-7C72-7E55-C9D1-822635050011}" = Catalyst Control Center Localization Russian
"{29CF0734-CBA0-E24C-6CE4-CF8CCF65E9F1}" = Catalyst Control Center Localization French
"{29E9D72B-AFAB-5EDF-DF53-FE41147CDF44}" = CCC Help Greek
"{2E4AB89A-C177-40D5-B018-B0152D3F2305}" = Catalyst Control Center - Branding
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{31DC5AB6-0E15-97EF-F8C5-507D9A4254A2}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C4DF11D-CDB9-9FC4-68B2-0639C35D12B3}" = CCC Help Turkish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44353286-A029-E150-E0AC-D5A9A7354EDC}" = CCC Help French
"{4D5FE96A-7708-CD37-FF52-C7E00D9E4E4C}" = Catalyst Control Center Localization Hungarian
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5095E8BE-8C1F-EDDA-8E46-8EDA4ECCDC62}" = Catalyst Control Center Localization Dutch
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BD279D5-67E0-9088-1A3D-12F51671021D}" = Catalyst Control Center Localization Norwegian
"{5C77247B-F8B6-FAF4-1681-B5DAE7E62312}" = CCC Help Hungarian
"{6090F363-5D4F-E7D7-5ED7-031A753C3384}" = ccc-utility
"{6252C234-C8D0-5B4F-A142-AC50DBF48718}" = Catalyst Control Center Localization Korean
"{641BC1FD-F2A2-1A40-DAF7-F5A96A96D4CB}" = Catalyst Control Center Localization Polish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C55D7E5-F296-4352-CB18-D53443D26B45}" = Catalyst Control Center Localization Italian
"{7157B290-394E-30E1-3B1B-D46CB6913BC8}" = Catalyst Control Center Localization Thai
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A1D1C2B-0F70-1914-CE8D-6A1E6C928AE8}" = CCC Help Chinese Standard
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D36BA0E-75EC-51FB-A7B0-EB7BA6BE0A05}" = CCC Help Korean
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92894D89-0A51-C4B4-39B4-C5460544F788}" = CCC Help Russian
"{9346230F-C4A8-17D3-D096-7E8367676DD1}" = ATI Catalyst Install Manager
"{9451B7F2-1745-99D0-DEBB-D589EAD4E96C}" = CCC Help Polish
"{9E569D4E-7DB4-2EF9-4E14-786507F4415D}" = CCC Help Norwegian
"{9FB10BC7-66AF-74D8-730C-937D717D7179}" = CCC Help English
"{A15FA2C2-261B-EAB2-B966-8747ACC663BB}" = ccc-core-static
"{A2FAA089-E483-8F22-1EC4-DF063D35BC07}" = CCC Help German
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A73A8DFE-C038-771D-7E02-E10489D5FDE2}" = Catalyst Control Center InstallProxy
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12707C5-AC65-1931-DDB4-01BDF3E8199E}" = Catalyst Control Center Localization Chinese Standard
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7246337-1876-A73D-4BA1-F82580ECBEFB}" = Catalyst Control Center Localization German
"{BA4022C7-73DC-0475-66D5-42F848C8689C}" = Catalyst Control Center Localization Danish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3998FFF-D1A7-6EDA-A875-1E682FF97C8B}" = CCC Help Dutch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C910E5DF-2963-E060-5788-60652960B779}" = CCC Help Chinese Traditional
"{C9AEF005-E9D0-5696-609B-223A1F5895F2}" = CCC Help Thai
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC9A7C19-5B95-738F-8874-CCBD3C953265}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2951D23-EA51-8B7F-21A2-41F70CE18420}" = Catalyst Control Center Localization Finnish
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7CF461-F5F3-B13D-EB0F-D693E93732A8}" = Catalyst Control Center Localization Japanese
"{DDC3E8AB-3642-69AF-92FE-5AF21BC7674E}" = CCC Help Swedish
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7FDC74E-1212-26E7-F3D3-017B7EAF465D}" = Catalyst Control Center Graphics Light
"{E962C12D-980F-3FD1-4668-EFE380BAAD66}" = CCC Help Italian
"{EB1DFFCD-0910-800A-B11A-15AD9386E524}" = Catalyst Control Center Localization Greek
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD52F0AA-76EB-D838-EF16-BB157EE9351C}" = Catalyst Control Center Graphics Full Existing
"{FDBA1DEC-67ED-BC53-F667-C679FAC0B692}" = CCC Help Finnish
"{FE6C4A72-BB28-6E2D-3EE9-F0E37ECC7EFF}" = Catalyst Control Center Localization Chinese Traditional
"Acer Acer Bio Protection 6.0.00.16" = Acer Bio Protection

AAU 6.0.00.16
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyDVD" = AnyDVD
"bwin" = bwin Poker (remove only)
"bwin Poker_is1" = bwin Poker
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"EADM" = EA Download Manager
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MSC" = McAfee Internet Security Suite
"PokerReader" = PokerReader 0.9b85
"PokerStars" = PokerStars
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Skat 2095 Special Edition V2.0_is1" = Skat 2095 Special Edition V2.0
"SpeedFan" = SpeedFan (remove only)
"Streamripper" = Streamripper (Remove only)
"Sweepi_is1" = Sweepi 5.4.00
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

hellmchen 17.12.2011 00:18

I hope this is all OK, because I wasn't quite sure what you meant by close all programs. I closed all the windows that were open and then scanned. If that is wrong, it would be nice if you could give me a tip on how to close all programs quickly; as I said, I'm a PC layman.

hellmchen 17.12.2011 12:42

I just got a message from McAfee that 1 trojan was removed; apparently it did that on its own
the trojan was in the mahmud file appdata\roaming\mahmud
could it be that McAfee has just removed the BKA trojan for me and everything works again?
or is that premature hope?

markusg 17.12.2011 15:12

yes, it has.
open Malwarebytes, log files, post all logs

hellmchen 17.12.2011 15:56

do you mean I should now update malware once, then let it run and then post the result?

markusg 17.12.2011 15:57

no, as I said: open it, log files, post the scan logs

hellmchen 17.12.2011 16:00

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7035

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

15.12.2011 21:18:00
mbam-log-2011-12-15 (21-18-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158855
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{63159D34-4E82-B24A-DC44-21CC8852ADFA} (Trojan.ZbotR.Gen) -> Value: {63159D34-4E82-B24A-DC44-21CC8852ADFA} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


22:01:53 chris ERROR Scheduled update failed: No address found failed with error code 11004
22:02:10 chris MESSAGE Protection started successfully
22:09:40 chris MESSAGE Protection started successfully
22:09:52 chris MESSAGE IP Protection started successfully


05:30:40 chris MESSAGE Protection started successfully
05:30:47 chris MESSAGE IP Protection started successfully
15:00:05 chris MESSAGE Protection started successfully
15:00:16 chris MESSAGE IP Protection started successfully
15:00:25 chris MESSAGE IP Protection stopped
15:00:33 chris MESSAGE Database updated successfully
15:00:39 chris MESSAGE IP Protection started successfully
15:09:11 chris MESSAGE Protection started successfully
15:09:21 chris MESSAGE IP Protection started successfully
15:35:01 chris MESSAGE Protection started successfully
15:35:12 chris MESSAGE IP Protection started successfully
16:39:57 chris MESSAGE Protection started successfully
16:47:17 chris MESSAGE Protection started successfully
16:47:38 chris MESSAGE IP Protection started successfully



11:19:02 chris MESSAGE Scheduled update executed successfully
11:19:05 chris MESSAGE IP Protection stopped
11:19:16 chris MESSAGE Database updated successfully
11:19:22 chris MESSAGE IP Protection started successfully
11:42:40 chris MESSAGE IP Protection stopped
12:31:01 chris MESSAGE Protection started successfully
12:31:13 chris MESSAGE IP Protection started successfully
12:45:43 chris IP-BLOCK 68.168.114.219 (Type: outgoing, Port: 49320, Process: firefox.exe)

so those are all the logs that were in there

markusg 17.12.2011 16:03

open Start, Search, type:
windows update
Enter
Settings, install updates automatically, interval daily, choose a time.
otherwise tick everything except detailed display.
click OK.
search for updates, install important updates.
optional ones too.
there will be restarts; then you have to open it again and search again, until there is nothing more to fetch

hellmchen 17.12.2011 16:15

ok, I'll do that now and get back to you when everything is done :)

hellmchen 17.12.2011 18:06

so, I tried the updates; it also found and installed Service Pack 2 for me
but now I have bigger problems than before!!
as soon as I click on anything, no matter what it is, my PC apparently freezes; I only see the small blue circle spinning, nothing more
and in safe mode, as you know, I can't do anything because my laptop shuts down there after 10 minutes at the latest
so I can't run a scan or do anything else

I hope you can help me, because wiping the PC is really problematic for me since I have a preinstalled Vista and therefore no CD

regards, hellmchen

hellmchen 17.12.2011 19:09

don't get me wrong: the blue circle runs forever, by now already 1 hour just to close an info message, but I can still see the desktop

markusg 17.12.2011 19:16

have you tried restarting yet?
if that works:
download the standard CCleaner:
CCleaner Download - CCleaner 3.13.1600
if CCleaner is already installed, skip this.
install, open, Tools, list of installed programs, save as txt. open it.
after every program you need, write necessary.
after every one you don't need, unnecessary.
after ones unknown to you, unknown.
post the list.

hellmchen 17.12.2011 19:23

can I do the CCleaner thing in safe mode? since there I hopefully have a few minutes

PS: I've already tried restarting 4-5 times, it doesn't work

markusg 17.12.2011 19:34

damn.
do you have a second PC available?
Download | Ubuntu
then burn Ubuntu, boot the infected machine from this CD and choose try mode, then back up your most important data to an external storage medium.
pictures, music, films, documents.
we may have to set the system up completely from scratch and then secure it properly right from the start with service packs etc.

hellmchen 17.12.2011 19:39

yes, I'm on my father's laptop
and I'll download it there
but then it says either save or open with Nero
should I save it or open it with Nero?
if I open it with Nero, does it burn it straight onto the CD I insert?
and can you tell me whether the problem has to do with Service Pack 2?

markusg 17.12.2011 19:46

yes, save it first and then burn it.
maybe some software didn't get along with SP2, but SP2 is important.
that's why we may completely reinstall the system; don't worry, that's easy, and then make sure right away that it is properly secured.

hellmchen 17.12.2011 19:49

I just tried again on my laptop after I had copied the cleaner from my father's onto a USB stick, and I managed to install it on mine, and I will hopefully be able to create the list you wanted, because the odd thing is that during the first minute, while everything is still loading, I could also do things and only then does it hang

let's hope for the best

hellmchen 17.12.2011 19:54

I'll now try to create the list and download Ubuntu, and then I'm off for today because I have no more time. I hope it's OK that I give you the list tomorrow or Monday, whenever you have time, and we take it from there

I wish you a nice evening already
regards, hellmchen

hellmchen 17.12.2011 20:24

50 FREE MP3s +1 Free Audiobook! eMusic.com Inc 02.11.2010 0,11MB 1.0.0.1 UNIMPORTANT
Acer Arcade Deluxe CyberLink Corp. 08.10.2008 83,0MB 2.0.5529 UNKNOWN
Acer Bio Protection AAU 6.0.00.16 08.10.2008 182,9MB UNKNOWN
Acer Crystal Eye Webcam 2.0.8.3 SuYin 08.10.2008 2,95MB 2.0.8.3 UNKNOWN
Acer eAudio Management CyberLink Corp. 08.10.2008 4,71MB 3.0.3008 UNKNOWN
Acer eDataSecurity Management Egis Inc. 02.11.2008 69,3MB 3.0.3065 UNKNOWN
Acer Empowering Technology Acer Incorporated 01.11.2008 147,8MB 3.0.3009 UNKNOWN
Acer ePower Management Acer Incorporated 01.11.2008 9,83MB 3.0.3014 UNKNOWN
Acer eRecovery Management Acer Incorporated 08.10.2008 27,6MB 3.0.3014 UNKNOWN
Acer eSettings Management Acer Incorporated 01.11.2008 27,4MB 3.0.3007 UNKNOWN
Acer GameZone Console 2.0.1.1 Oberon Media, Inc. 01.11.2008 38,5MB UNIMPORTANT
Acer GridVista 08.10.2008 1,51MB 2.72.317 UNKNOWN
Acer Mobility Center Plug-In Acer Inc. 01.11.2008 4,13MB 3.0.3000 UNKNOWN
Acer ScreenSaver Acer Incorporated 08.10.2008 1.11.0701 UNKNOWN
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 08.10.2008 14,0MB UNKNOWN
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.12.2011 IMPORTANT 11.1.102.55
Adobe Flash Player ActiveX Adobe Systems Incorporated 08.10.2008 9.0.124.0 IMPORTANT
Adobe Reader 8.1.0 Adobe Systems Incorporated 02.11.2008 87,9MB 8.1.0 IMPORTANT
Adobe Shockwave Player 11 Adobe Systems, Inc. 04.03.2009 7,36MB 11 IMPORTANT
Agatha Christie Death on the Nile Oberon Media 08.10.2008 160,8MB UNKNOWN
Agere Systems HDA Modem Agere Systems 01.11.2008 UNKNOWN
Alice Greenfingers Oberon Media 08.10.2008 13,3MB UNKNOWN
AnyDVD SlySoft 19.03.2009 6,11MB UNIMPORTANT
Apple Application Support Apple Inc. 11.09.2009 32,2MB 1.0 UNKNOWN
Apple Mobile Device Support Apple Inc. 11.09.2009 40,4MB 2.6.0.32 UNKNOWN
Apple Software Update Apple Inc. 11.09.2009 2,16MB 2.1.1.116 UNKNOWN
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet UNKNOWN
Driver Atheros Communications Inc. 01.11.2008 2,93MB 1.0.0.35 UNKNOWN
ATI Catalyst Install Manager ATI Technologies, Inc. 09.10.2008 13,7MB 3.0.685.0 UNKNOWN
Azada Oberon Media 08.10.2008 61,8MB UNKNOWN
Backspin Billiards Oberon Media 08.10.2008 8,14MB UNKNOWN
Big Kahuna Reef Oberon Media 08.10.2008 10,9MB UNKNOWN
Bonjour Apple Inc. 11.09.2009 0,49MB 1.0.106 UNKNOWN
Bricks of Egypt Oberon Media 08.10.2008 6,73MB UNKNOWN
bwin Poker bwin 22.01.2011 17,9MB UNIMPORTANT
bwin Poker (remove only) 04.03.2009 36,9MB UNIMPORTANT
Cake Mania Oberon Media 08.10.2008 17,5MB UNKNOWN
CCleaner Piriform 16.12.2011 4,20MB 3.13 ????
Chicken Invaders 3 Oberon Media 08.10.2008 53,4MB UNKNOWN
Chuzzle Oberon Media 08.10.2008 10,3MB UNKNOWN
CyberLink PowerDirector CyberLink Corp. 01.11.2008 199,7MB 6.5.3023 UNKNOWN
Die Sims™ 3 Electronic Arts 25.06.2009 5.618MB 1.2.7 UNIMPORTANT
Diner Dash Flo on the Go Oberon Media 08.10.2008 17,2MB UNKNOWN
DivX Codec DivX, Inc. 09.08.2009 1,31MB 6.8.5 UNIMPORTANT
DivX Converter DivX, Inc. 09.08.2009 45,3MB 7.1.0 UNIMPORTANT
DivX Player DivX, Inc. 09.08.2009 8,43MB 7.2.0 UNIMPORTANT
DivX Plus DirectShow Filters DivX, Inc. 09.08.2009 1,58MB UNIMPORTANT
DivX Web Player DivX,Inc. 09.08.2009 2,83MB 1.5.0 UNIMPORTANT
DVD Shrink 3.2 DVD Shrink 19.03.2009 0,97MB UNIMPORTANT
EA Download Manager Electronic Arts, Inc. 10.09.2009 7,99MB 5.1.0.4 UNIMPORTANT
eSobi v2 esobi Inc. 01.11.2008 16,8MB 2.0.3.000201 UNKNOWN
Free M4a to MP3 Converter 6.0 ManiacTools.com 11.02.2009 3,46MB IMPORTANT
Google Desktop Google 30.07.2010 30,2MB 5.9.1005.12335 UNKNOWN
Google Toolbar for Internet Explorer Google Inc. 30.11.2011 35,1MB 7.2.2308.2056 UNKNOWN
iTunes Apple Inc. 11.09.2009 132,6MB 9.0.0.70 UNIMPORTANT
Java(TM) 6 Update 13 Sun Microsystems, Inc. 16.01.2009 94,4MB 6.0.130 IMPORTANT?
Jewel Quest Solitaire Oberon Media 08.10.2008 27,0MB UNKNOWN
K-Lite Mega Codec Pack 4.5.3 28.01.2009 51,3MB 4.5.3 UNKNOWN
Kick N Rush Oberon Media 08.10.2008 43,3MB UNKNOWN
Launch Manager 08.10.2008 2,67MB UNKNOWN
Mahjong Escape Ancient China Oberon Media 08.10.2008 13,6MB UNKNOWN
Mahjongg Artifacts Oberon Media 08.10.2008 15,9MB UNKNOWN
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 15.12.2011 6,77MB 1.51.2.1300 IMPORTANT?
McAfee Internet Security Suite McAfee, Inc. 30.11.2011 126,9MB 11.0.623 IMPORTANT
McAfee Security Scan Plus McAfee, Inc. 04.08.2010 9,09MB 2.0.181.2 IMPORTANT
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 09.08.2009 37,0MB UNKNOWN
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.08.2009 37,0MB UNKNOWN
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 UNKNOWN
Microsoft Office Home and Student 2007 Microsoft Corporation 01.11.2008 298MB 12.0.6215.1000 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 02.11.2008 0,41MB 8.0.56336 UNKNOWN
Microsoft Works Microsoft Corporation 02.11.2008 283MB 08.05.0822 UNIMPORTANT?
Microsoft WSE 3.0 Runtime Microsoft Corp. 23.06.2009 0,92MB 3.0.5305.0 UNKNOWN
Move Media Player Move Networks 15.03.2010 9,95MB UNKNOWN
Mozilla Firefox 8.0.1 (x86 de) Mozilla 28.11.2011 40,0MB 8.0.1 IMPORTANT
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 15.01.2009 1,28MB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,34MB 4.20.9876.0 UNKNOWN
Mystery Case Files - Huntsville Oberon Media 08.10.2008 24,4MB UNKNOWN
Mystery Solitaire - Secret Island Oberon Media 08.10.2008 19,9MB UNKNOWN
NTI Backup Now 5 NewTech Infosystems 01.11.2008 28,6MB 5.1.2.606 IMPORTANT
NTI Media Maker 8 NewTech Infosystems 01.11.2008 187,0MB 8.0.2.6329 IMPORTANT
O&O Defrag Professional O&O Software GmbH 04.08.2010 36,9MB 12.5.339 UNIMPORTANT
Orion Convesoft 02.11.2008 12,2MB 2.0.1 UNKNOWN
PhotoNow! CyberLink Corp. 08.10.2008 1,65MB 1.1.4619 UNKNOWN
PokerReader 0.9b85 Sharktoolz 17.02.2011 23,5MB 0.9b85 UNIMPORTANT
PokerStars PokerStars 09.02.2011 75,6MB UNIMPORTANT
QuickTime Apple Inc. 11.09.2009 76,5MB 7.64.17.73 UNIMPORTANT
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 08.10.2008 26,4MB 6.0.1.5688 UNKNOWN
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 01.11.2008 4,00MB UNKNOWN
Samsung AllShare Samsung Electronics Co., Ltd. 28.11.2011 80,0MB 2.1.0.11072_11 IMPORTANT for TV set
SAMSUNG Mobile Composite Device Software 11.02.2009 UNKNOWN
SAMSUNG Mobile Modem Driver Set 11.02.2009 UNKNOWN
Samsung Mobile phone USB driver Software 11.02.2009 UNKNOWN
SAMSUNG Mobile USB Modem 1.0 Software 11.02.2009 UNKNOWN
SAMSUNG Mobile USB Modem Software 11.02.2009 UNKNOWN
Samsung PC Studio 3 Samsung Electronics Co., Ltd. 22.09.2009 146,8MB 3.2.1.80206 UNIMPORTANT
Samsung PC Studio 3 USB Driver Installer Samsung Electronics Co., Ltd. 11.02.2009 146,8MB 3.2.0.70701 UNIMPORTANT
Samsung Samples Installer Samsung Electronics Co., Ltd. 22.09.2009 133,9MB 1.00.0000 UNIMPORTANT
Skat 2095 Special Edition V2.0 16.06.2009 9,16MB UNIMPORTANT
SPBA 5.8 UPEK Inc. 09.10.2008 20,1MB 5.8.2.4218 UNKNOWN
SpeedFan (remove only) 16.07.2010 4,76MB UNIMPORTANT
Streamripper (Remove only) 02.11.2010 6,30MB UNIMPORTANT
Sweepi 5.4.00 YooApplications 03.08.2010 350MB 5.4.00 IMPORTANT?
Synaptics Pointing Device Driver Synaptics 08.10.2008 14,4MB 11.1.4.0 UNKNOWN
Turbo Pizza Oberon Media 08.10.2008 175,4MB UNKNOWN
Winamp Nullsoft, Inc 02.11.2010 37,9MB 5.581 UNIMPORTANT
Winamp Erkennungs-Plug-in Nullsoft, Inc 02.11.2010 0,13MB 1.0.0.1 UNIMPORTANT
Winamp Toolbar 02.11.2010 2,20MB UNIMPORTANT
Winbond CIR Device Drivers Winbond Electronics Corporation 02.11.2008 2,25MB 7.60.1012 UNKNOWN
WinRAR 25.01.2009 3,73MB UNKNOWN
Zuma Deluxe Oberon Media 08.10.2008 11,2MB UNKNOWN

so, I still managed to get the list done
if there are questions about the list, just ask ^^

markusg 18.12.2011 16:54

uninstall:
50 FREE MP3s +
Acer Arcade
Acer Bio Protection
Acer Crystal Eye Webcam
Acer GameZone Console
Acer GridVista
Acer ScreenSaver
Agatha Christie
Alice Greenfingers
AnyDVD
Apple (all)
Azada
Backspin
Big Kahuna
Bonjour
Bricks of Egypt
bwin Poker (both)
Cake Mania
Chicken Invaders
Chuzzle
CyberLink PowerDirector
Die Sims™
Diner Dash
DivX (all)
DVD Shrink
EA
eSobi
Google (both)
iTunes
Java
Download the free Java software
download the Java JRE
uninstall:
Jewel
K-Lite
Kick N Rush
Launch Manager
Mahjong (both)
Move Media
Mystery (both)
OO Defrag
Orion Convesoft
PhotoNow
PokerReader
PokerStars
QuickTime
Skat 2095
SpeedFan
Turbo Pizza
Winamp (all)
Winbond
Zuma
clean up with CCleaner; any improvement?

hellmchen 18.12.2011 16:56

can I do the uninstalling in safe mode?

or do you mean I should do it with the Ubuntu CD?

and afterwards I should run CCleaner once, right?

markusg 18.12.2011 17:01

in safe mode.
but actually, as I said, formatting and reinstalling would probably be best, but you can give it a try

hellmchen 18.12.2011 17:02

ok, I'll try it; formatting is a bit of an issue since I have no Windows CD

but I'll try it now and then get back to you

markusg 18.12.2011 17:04

well, where did you get Windows from? besides, it looks as if the machine has a recovery function, so you may not need a CD; tell me what the machine is called

hellmchen 18.12.2011 17:18

it's an Aspire 6530G from Acer and Windows was preinstalled

hellmchen 18.12.2011 17:23

I've uninstalled the first 2 things; only Acer Arcade I couldn't do. I'm trying it in normal mode right now and it hasn't frozen yet after 5 minutes already ^^ looks good so far

markusg 18.12.2011 17:41

then uninstall everything that was listed and tell me what you can't uninstall.

hellmchen 18.12.2011 19:08

so I've uninstalled everything except K-Lite, since that is the player I need most because it can play everything
the only problem was at the end with Winamp; it said not all data could be deleted
and so far it isn't hanging after the restart
but now I have a Windows message
Found new hardware
Locate and install driver software (recommended)
ask again later
Don't show this message again for this device

but I don't know which device it's supposed to be, it doesn't say; should I let it search?

and regarding CCleaner, do I have to watch out for anything or just start it and do a full scan?

markusg 18.12.2011 19:30

you can chuck K-Lite; better get yourself a decent player
http://www.chip.de/downloads/VLC-med..._13005928.html
is a USB device or a printer or anything else connected?

hellmchen 18.12.2011 19:32

no, only my wireless mouse, but that works too

it says driver software for Unknown Device must be installed

markusg 18.12.2011 19:37

cancel that and restart.

hellmchen 18.12.2011 19:41

the message comes back

markusg 18.12.2011 19:59

ok, install it, and see whether any details appear along the way about which device it is

hellmchen 18.12.2011 20:19

it took forever but now the installation is finished
at the end you could also see what it was for
winbond cir transceiver
microsoft ehome infrared transceiver

so how do we go on now?
should I first go through with CCleaner? if so, how
or should I try to download all the updates?

markusg 18.12.2011 20:23

you've uninstalled everything I listed?
then please open CCleaner, analyze, and when finished, clean.

hellmchen 18.12.2011 20:33

ok done, 2665 MB were deleted

and now?

markusg 18.12.2011 20:50

any more hangs?

hellmchen 18.12.2011 20:50

not so far, the PC is running and nothing freezes either

markusg 18.12.2011 20:54

that sounds good, and you should have gained a fair amount of storage with all the stuff we threw out.
are all Windows updates installed?

hellmchen 18.12.2011 20:58

no, not so far I think; after Service Pack 2 I couldn't do anything any more
so I'll now install all the updates that are available and then get back to you, but I think that will take a while, so I wish you a good night already and many thanks for the help so far

so see you tomorrow :)

markusg 18.12.2011 21:00

See you tomorrow :-)

hellmchen 19.12.2011 15:07

So, the updates are all installed now.

markusg 19.12.2011 15:51

OK, then please create a new OTL log for me.

hellmchen 20.12.2011 15:29

OTL Logfile:
Code:

OTL logfile created on: 20.12.2011 00:13:52 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,47 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 72,08% Memory free
5,15 Gb Paging File | 3,84 Gb Available in Paging File | 74,54% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 81,18 Gb Free Space | 56,36% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 125,94 Gb Free Space | 89,64% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.16 16:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011.09.16 18:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.07.16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
PRC - [2011.07.16 11:52:16 | 000,282,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe
PRC - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.15 17:44:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\chris\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.08.19 11:26:34 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.07.29 17:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.03.25 14:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.19 03:11:51 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\aab1c287bc73a03c51b55fb3f102c27e\System.ServiceProcess.ni.dll
MOD - [2011.12.19 03:05:27 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
MOD - [2011.12.19 02:41:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011.12.19 02:40:58 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.12.19 02:40:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.12.19 02:40:39 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.12.19 02:36:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.12.19 02:35:19 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.12.19 02:32:57 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.12.19 02:32:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.12.19 02:28:54 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.12.19 02:28:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.12.19 01:22:23 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011.12.19 01:21:18 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.12.19 01:21:16 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.12.19 01:20:55 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\4844dd28e0611d1ebd1e449fe822c2a5\System.Configuration.ni.dll
MOD - [2011.12.19 01:20:38 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.12.19 01:20:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.12.19 01:20:12 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.12.19 01:19:53 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.11.02 19:44:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.11.02 19:44:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.11.02 19:44:28 | 000,009,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008.10.09 10:35:37 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3163.29525__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3163.29501__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:37 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3163.29527__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3163.29521__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3163.29512__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3163.29636__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:36 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3163.29612__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3163.29591__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3163.29575__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:22 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3163.29637__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:22 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3163.29509__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:21 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3163.29597__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:20 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3163.29571__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3163.29513__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3163.29590__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3163.29576__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3163.29532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.10.09 10:35:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3163.29527__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Dashboard\2.0.3163.29584__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Dashboard\2.0.3163.29579__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Dashboard.dll
MOD - [2008.10.09 10:35:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3163.29575__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Runtime\2.0.3163.29583__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3163.29576__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3163.29590__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.10.09 10:35:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.10.09 10:35:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.10.09 10:35:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.10.09 10:35:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU.Graphics.Shared\2.0.3119.30143__90ba9c70f846762e\CLI.Aspect.MultiVPU.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.10.09 10:35:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.10.09 10:35:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.10.09 10:35:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.10.09 10:35:11 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3163.29498_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll
MOD - [2008.10.09 10:35:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3163.29648__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.10.09 10:35:10 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3163.29656__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3163.29517__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.10.09 10:35:09 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3163.29629__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3163.29628__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.10.09 10:35:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3163.29498__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2008.10.09 10:35:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3163.29497__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.10.09 10:35:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.10.09 10:35:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.10.09 10:35:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.10.09 10:35:09 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2008.10.09 10:35:09 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2008.10.09 10:35:09 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3163.29495__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.10.09 10:35:08 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3163.29506__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.10.09 10:35:08 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3163.29497__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.10.09 10:35:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3163.29496__90ba9c70f846762e\APM.Server.dll
MOD - [2008.10.09 10:35:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3163.29495__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.10.09 10:35:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.10.09 10:35:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.10.09 10:35:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3163.29629__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.10.09 10:35:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.10.09 10:35:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.07.29 17:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.07.22 15:13:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.10.18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.10.18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.07.16 11:56:22 | 000,024,992 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)
SRV - [2011.07.16 11:56:18 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.08.05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.12.29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.22 15:58:00 | 003,885,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.18 02:09:00 | 000,148,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.28 16:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.05.28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011.11.14 15:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011.12.19 23:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.18 20:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 20:25:50 | 000,000,000 | ---D | M]
 
[2009.01.16 20:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Extensions
[2011.12.13 14:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions
[2010.11.03 14:12:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 02:13:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.13 14:57:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\p4zr2t02.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.03 14:15:15 | 000,001,196 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\p4zr2t02.default\searchplugins\winamp-search.xml
[2011.11.29 18:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.19 23:10:05 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111219231005.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [avupdate] C:\Users\chris\AppData\Roaming\mahmud.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CD06D75-C533-4034-AF76-58210A84C053}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\chris\Pictures\Bwin happy hour hintergrund.jpg
O24 - Desktop BackupWallPaper: C:\Users\chris\Pictures\Bwin happy hour hintergrund.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.19 21:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.12.19 02:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.12.19 01:17:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.18 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Avira-DE-Cleaner
[2011.12.17 19:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.17 19:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.17 17:09:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.12.17 17:09:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.12.17 17:09:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.12.17 16:11:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.12.16 16:47:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.12.15 21:12:44 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Malwarebytes
[2011.12.15 21:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.15 21:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.15 21:12:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.15 21:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.29 02:55:32 | 000,000,000 | ---D | C] -- C:\Download
[2011.11.29 02:54:47 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\My Videos
[2011.11.29 02:52:29 | 000,000,000 | ---D | C] -- C:\AllSharePhotoSlide
[2011.11.29 02:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.11.29 02:45:54 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Downloaded Installations
[2008.11.03 03:43:05 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Users\chris\AppData\Local\*.tmp files -> C:\Users\chris\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.20 00:31:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.19 22:52:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 22:52:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.19 21:24:06 | 000,001,699 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.12.19 20:53:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.12.19 20:53:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.19 20:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.19 20:52:32 | 2649,079,808 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.19 03:04:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.12.19 03:04:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.12.19 03:04:36 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 02:32:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.19 02:32:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.19 02:32:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.19 02:32:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.19 02:25:10 | 000,297,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.19 02:19:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.12.19 02:19:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.12.18 18:39:33 | 000,000,794 | ---- | M] () -- C:\Windows\wininit.ini
[2011.12.18 17:39:37 | 000,512,952 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011.12.17 20:01:47 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{C1EE97AB-909F-4E6D-B763-428FB6C19851}
[2011.12.17 19:46:11 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.17 18:41:31 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{B1517E3E-6456-4DCB-9383-42888131285A}
[2011.12.17 17:56:17 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{1D73DC51-B105-4AEE-A92A-90BE72198FA2}
[2011.12.17 17:35:56 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{A13090DE-3365-4171-87F2-4C2CD8112A03}
[2011.12.17 17:35:18 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{0AF0EEA2-F7EE-4B88-BC46-60E070D89C5A}
[2011.12.16 16:13:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011.12.16 15:35:16 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2011.12.16 15:30:30 | 000,006,836 | ---- | M] () -- C:\Users\chris\AppData\Local\d3d9caps.dat
[2011.12.16 15:00:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 20:23:12 | 000,066,216 | ---- | M] () -- C:\Users\chris\Desktop\Avira-DE-Cleaner-starten.exe
[2011.12.15 19:33:34 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Local\{FB7A7CBD-6314-4D56-9F50-AD4469DCABAC}
[2011.11.29 18:49:34 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.29 02:54:38 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2 C:\Users\chris\AppData\Local\*.tmp files -> C:\Users\chris\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.19 03:04:36 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.19 02:19:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.12.19 02:19:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.12.18 22:29:16 | 000,066,216 | ---- | C] () -- C:\Users\chris\Desktop\Avira-DE-Cleaner-starten.exe
[2011.12.18 17:10:48 | 2649,079,808 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.17 20:01:47 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{C1EE97AB-909F-4E6D-B763-428FB6C19851}
[2011.12.17 19:46:10 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.17 18:41:31 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{B1517E3E-6456-4DCB-9383-42888131285A}
[2011.12.17 17:56:17 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{1D73DC51-B105-4AEE-A92A-90BE72198FA2}
[2011.12.17 17:35:56 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{A13090DE-3365-4171-87F2-4C2CD8112A03}
[2011.12.17 17:35:18 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{0AF0EEA2-F7EE-4B88-BC46-60E070D89C5A}
[2011.12.15 21:12:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.15 19:33:34 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{FB7A7CBD-6314-4D56-9F50-AD4469DCABAC}
[2011.12.13 15:00:14 | 000,001,699 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.11.29 18:49:34 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.29 02:54:38 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\Samsung AllShare.lnk
[2010.03.16 22:20:35 | 000,000,794 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.01 08:16:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.01 08:16:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.20 16:07:54 | 000,006,836 | ---- | C] () -- C:\Users\chris\AppData\Local\d3d9caps.dat
[2009.03.20 04:01:56 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.02.12 20:06:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.02.12 20:02:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.01.29 00:24:15 | 000,000,920 | ---- | C] () -- C:\Users\chris\AppData\Roaming\wklnhst.dat
[2009.01.16 20:28:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.15 21:08:36 | 000,038,400 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.15 18:26:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.03 03:41:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.03 03:41:42 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.11.03 03:41:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.11.03 03:41:36 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.11.03 03:41:36 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.11.03 03:41:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.11.02 20:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.02 20:10:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.02 19:44:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.11.02 19:33:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.11.02 19:33:23 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.09 11:01:15 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.09 10:58:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,297,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.02.27 14:16:43 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\.#
[2008.11.02 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Acer GameZone Console
[2009.01.26 07:40:46 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\iWin
[2011.04.19 16:52:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Pyroxi
[2011.11.29 02:54:47 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Samsung
[2010.11.03 14:24:45 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\streamripper
[2009.01.29 00:24:24 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Template
[2011.04.01 16:07:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Zeeku
[2011.12.19 15:08:23 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.03.18 03:27:43 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.01.15 19:19:29 | 000,000,000 | ---D | M] -- C:\ACER
[2009.01.15 17:41:07 | 000,000,000 | ---D | M] -- C:\ACERSW
[2011.11.29 02:52:29 | 000,000,000 | ---D | M] -- C:\AllSharePhotoSlide
[2008.11.02 20:38:39 | 000,000,000 | ---D | M] -- C:\book
[2011.12.17 17:24:17 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.18 17:55:28 | 000,000,000 | ---D | M] -- C:\bwinPoker
[2008.10.09 10:46:36 | 000,000,000 | ---D | M] -- C:\CLSetup
[2011.12.19 02:22:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.15 17:35:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.29 02:55:32 | 000,000,000 | ---D | M] -- C:\Download
[2008.11.02 20:13:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.19 02:20:34 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.18 20:25:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.15 17:35:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.20 00:27:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.09.07 00:09:58 | 000,000,000 | ---D | M] -- C:\TEMP
[2009.01.15 17:40:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.19 04:00:48 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.22 15:13:22 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2011.12.20 00:13:30 | 002,359,296 | -HS- | M] () -- C:\Users\chris\ntuser.dat
[2011.12.20 00:13:30 | 000,262,144 | -H-- | M] () -- C:\Users\chris\ntuser.dat.LOG1
[2011.12.15 19:06:22 | 000,262,144 | -H-- | M] () -- C:\Users\chris\ntuser.dat.LOG2
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2011.12.15 19:06:22 | 001,048,576 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2011.12.15 19:06:22 | 000,065,536 | -HS- | M] () -- C:\Users\chris\ntuser.dat{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2011.12.19 15:08:18 | 000,065,536 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.20 20:52:45 | 000,524,288 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.12.19 15:08:18 | 000,524,288 | -HS- | M] () -- C:\Users\chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.01.15 17:40:48 | 000,000,020 | -HS- | M] () -- C:\Users\chris\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:533D8A6F8B270344
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:131C0EE9

< End of report >

--- --- ---

hellmchen 20.12.2011 17:42

I only got this one file; there was no second one this time.

markusg 20.12.2011 17:53

Hi

Attention!

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [avupdate] C:\Users\chris\AppData\Roaming\mahmud.exe File not found

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]




• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Clean up autostart
Go to Start, Run, and type:
msconfig
Enter
Startup tab
Remove all check marks there except Windows Defender and mcui_exe
(McAfee)
Click OK
Restart the PC
If something important is missing, you can tick it again.

hellmchen 20.12.2011 18:33

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: chris
->Flash cache emptied: 3093026 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 3,00 mb


[EMPTYTEMP]

User: All Users

User: chris
->Temp folder emptied: 20838413 bytes
->Temporary Internet Files folder emptied: 30574343 bytes
->Java cache emptied: 350454841 bytes
->FireFox cache emptied: 253833279 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4951998 bytes
RecycleBin emptied: 411648 bytes

Total Files Cleaned = 630,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_180308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


In autostart I removed everything and only ticked Windows Defender.
The mcui_exe is not listed there, though.
I also ticked the two McAfee items, the Security Center and the Security Scanner.
Is that right?
If you say that's fine, I'll restart as you described.

markusg 20.12.2011 18:35

Exactly, McAfee has to stay in.
Restart and check whether everything works.
If so, we will then secure the system.

hellmchen 20.12.2011 18:39

OK, then I'll restart right away. I do have one more question, though, about another problem with my laptop; maybe you can tell me whether it is a hardware or a software problem.
This laptop has a touch strip where I can switch on wireless LAN, turn the volume up and down, and so on.
Sometimes the PC turns the volume all the way down to 0 by itself. If I then turn it back up manually with the slider at the bottom right by the clock, the volume steadily goes back down to 0.
This problem keeps coming back and then disappears again. Do you know whether it is hardware- or software-related?

markusg 20.12.2011 18:44

Run the following and then post the log:
http://ad13.geekstogo.com/MBRCheck.exe
Download it and double-click it; the log should open.

hellmchen 20.12.2011 18:55

OK, restart done; everything seems to work, nothing hangs, the laptop runs normally.

I ran the file
and this came up:
Found non-standard or infected MBR

Then something came up with y or no.
I pressed y for more options.
Now I have 3 choices:
1 Dump the MBR of a physical disk to file
2 Restore the MBR of a physical disk with a standard boot code
3 EXIT

Should I do anything there?

markusg 20.12.2011 18:57

I want to see the log first.

hellmchen 20.12.2011 18:57

How do I get it? It's in DOS mode; I didn't get a text file.

markusg 20.12.2011 18:58

It should actually open automatically, or check whether one was saved in the same folder.

hellmchen 20.12.2011 19:01

No, there is nothing in the folder where the exe is, but I can type out everything that is on the DOS screen; it's almost nothing.

hellmchen 20.12.2011 19:02

Oops, sorry, found it; it was hiding on the desktop behind the DOS window. I'll post it right away.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 6530G
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 163):

Processes (total 60):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200BEVT-22ZCT0, Rev: 11.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

markusg 20.12.2011 19:18

Hi, do you have a Windows CD at hand?

hellmchen 20.12.2011 19:28

No, I don't have one after all, but a friend of mine has a Vista CD that I could get today so that we can do something tomorrow. I think I have a Windows key on the bottom of my laptop.
Is that OK?

markusg 20.12.2011 19:31

Yes, that works.
We don't need the key, but we do need the DVD :-)

hellmchen 21.12.2011 23:55

So, I have the CD now. Should I first burn all my important data to DVD, or don't we need that?

markusg 22.12.2011 11:47

Well, it's your data; I don't need it and can't decide whether you need it...
If you do, burn it or put it on an external hard drive.

hellmchen 22.12.2011 20:39

I have one more question.
A friend of mine said I should be careful about my McAfee; there is supposedly a folder somewhere that holds important drivers and so on for me, so that I don't have to search for everything afterwards and so that I still have my McAfee license.
Do you know what I mean?
And if so, do you know which folder that could be?

markusg 22.12.2011 20:41

Phew, unfortunately I don't know that; maybe look in McAfee itself to see whether you can back up the license there.


All times are WET +1.
