Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Problem mit ein Trojaner TR/Crypt.XPACK.Gen3 (https://www.trojaner-board.de/96012-problem-trojaner-tr-crypt-xpack-gen3.html)

xlexusx 25.02.2011 10:41
Problem mit ein Trojaner TR/Crypt.XPACK.Gen3
 
Mein Antivir zeigt ständig an, dass ein Trojaner namens TR/Crypt.XPACK.Gen3 gefunden wurde. Er wird dann jedes Mal von mir in Quaratäne geschoben , nachdem ich einige Antvir,Spybot, CC ausgeführt habe erscheint kein virus meldung mehr sondern da kommt jedesmal beim systemstart ein meldung "das profil konnte nicht geöffnet werden"
Ich bin mir 100% sicher das da hier noch an mein laptop noch was böses drinn steckt den das Systemstart hat sich auch verschlechtert

nach welche vorgang kann ich die probleme lösen ?

markusg 25.02.2011 11:34
bitte immer komplette fund meldungen posten.
also avira öffnen ereignisse, fundmeldungen posten.
falls es scan berichte mit funden gibt, unter avira reports, scan logs posten.

danach:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

xlexusx 25.02.2011 11:34
Diese Meldung kommt nachdem ich das systemneustarte ImageShack® - Online Photo and Video Hosting

das System ist definitiv beschädigt aber wie es beschädigt ist weiß ich es nicht leider :(

markusg 25.02.2011 11:37
nein ich will die meldungen als text.
und lies dann genau welche meldungen ich noch wollte

xlexusx 25.02.2011 23:51
Hier das OTL EditorOTL Logfile:
Code:
OTL logfile created on: 25.02.2011 23:45:40 - Run 1
OTL by OldTimer - Version 3.2.21.0    Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,66 Gb Free Space | 86,30% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
PRC - [2010.12.10 18:28:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.09 09:06:36 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.13 12:56:32 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010.06.28 15:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 07:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 07:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.04.24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.04.24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008.06.24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
MOD - [2011.01.04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.01.11 10:53:39 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.09 09:06:36 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.24 11:07:58 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.08.02 16:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.13 12:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 15:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.04.24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.12.17 14:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 14:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.12.09 11:17:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.12.08 11:53:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.12.05 09:23:24 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.08.02 16:09:46 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.06.21 20:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.04.24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.04.24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.04.24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.04.24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 11:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware
[2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe
[2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
[2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client
[2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home
[2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero
[2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
[2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead
[2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 23:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 22:10:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 22:10:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.25 22:02:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.25 22:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.25 22:02:28 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:28:50 | 000,210,305 | ---- | M] () -- C:\Users\eren\Desktop\Profil kan nicht gefunden werden.PNG
[2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd
[2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
 
========== Files Created - No Company Name ==========
 
[2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:28:50 | 000,210,305 | ---- | C] () -- C:\Users\eren\Desktop\Profil kan nicht gefunden werden.PNG
[2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd
[2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.25 23:14:55 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 16:41:18 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2011.02.25 23:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 25.02.2011 23:45:40 - Run 1
OTL by OldTimer - Version 3.2.21.0    Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,66 Gb Free Space | 86,30% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.02.2011 06:17:15 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: SSCORE.DLL,
 Version: 6.1.7600.16385, Zeitstempel: 0x4a5be092  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000000170d  ID des fehlerhaften Prozesses: 0x1e4  Startzeit der fehlerhaften
 Anwendung: 0x01cbc9d4b74b7460  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL  Berichtskennung: 18838011-35c8-11e0-bf1d-00ff01000001
 
Error - 13.02.2011 15:59:15 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1670    Startzeit:
 01cbcba6b3f6ed9c    Endzeit: 75    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 b7e88a74-37ab-11e0-9c43-88ae1d9948ab 
 
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit:
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit:
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
--- --- ---


Hier ist die 2. Log

xlexusx 26.02.2011 00:07
Die Founds kan man leider nicht alle aufeinmal kopieren und einfügen kostet viel zeit gibt es kein befehl dafür oder ein stelle wo ich drücken muss damit sie alles kopieren tut ?

aber 5 davon werde ich hier reinposten


1.In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

2. In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

3.In der Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

4.Die Datei 'C:\Users\eren\AppData\Local\Temp\Bqj.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Pirminay.clx' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49d17a84.qua' verschoben!

5.In der Datei 'C:\Users\eren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NRDRITIO\jd9ifkqw9jf_ddttt29j[1].htm'
wurde ein Virus oder unerwünschtes Programm 'HTML/Revir.Gen' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern


So wen du sagst hier poste mir alle das kan ich das auch machen hab sie schonmal so reingefügt vielleicht kan man damit was anfangen.

Danke schonmal

xlexusx 26.02.2011 00:53
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 26. Februar 2011 00:00

Es wird nach 2433480 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : eren
Computername : EREN-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.611 Bytes 14.01.2011 13:28:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 09.12.2010 08:06:36
AVSCAN.DLL : 10.0.3.0 56168 Bytes 02.08.2010 15:09:45
LUKE.DLL : 10.0.3.2 104296 Bytes 09.12.2010 08:06:36
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:03:51
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 16:03:53
VBASE003.VDF : 7.11.3.1 2048 Bytes 09.02.2011 16:03:53
VBASE004.VDF : 7.11.3.2 2048 Bytes 09.02.2011 16:03:53
VBASE005.VDF : 7.11.3.3 2048 Bytes 09.02.2011 16:03:53
VBASE006.VDF : 7.11.3.4 2048 Bytes 09.02.2011 16:03:54
VBASE007.VDF : 7.11.3.5 2048 Bytes 09.02.2011 16:03:54
VBASE008.VDF : 7.11.3.6 2048 Bytes 09.02.2011 16:03:54
VBASE009.VDF : 7.11.3.7 2048 Bytes 09.02.2011 16:03:54
VBASE010.VDF : 7.11.3.8 2048 Bytes 09.02.2011 16:03:54
VBASE011.VDF : 7.11.3.9 2048 Bytes 09.02.2011 16:03:54
VBASE012.VDF : 7.11.3.10 2048 Bytes 09.02.2011 16:03:54
VBASE013.VDF : 7.11.3.59 157184 Bytes 14.02.2011 17:14:01
VBASE014.VDF : 7.11.3.97 120320 Bytes 16.02.2011 17:14:01
VBASE015.VDF : 7.11.3.148 128000 Bytes 19.02.2011 20:50:15
VBASE016.VDF : 7.11.3.183 140288 Bytes 22.02.2011 21:09:50
VBASE017.VDF : 7.11.3.216 124416 Bytes 24.02.2011 22:57:52
VBASE018.VDF : 7.11.3.217 2048 Bytes 24.02.2011 22:57:52
VBASE019.VDF : 7.11.3.218 2048 Bytes 24.02.2011 22:57:52
VBASE020.VDF : 7.11.3.219 2048 Bytes 24.02.2011 22:57:52
VBASE021.VDF : 7.11.3.220 2048 Bytes 24.02.2011 22:57:52
VBASE022.VDF : 7.11.3.221 2048 Bytes 24.02.2011 22:57:52
VBASE023.VDF : 7.11.3.222 2048 Bytes 24.02.2011 22:57:52
VBASE024.VDF : 7.11.3.223 2048 Bytes 24.02.2011 22:57:52
VBASE025.VDF : 7.11.3.224 2048 Bytes 24.02.2011 22:57:52
VBASE026.VDF : 7.11.3.225 2048 Bytes 24.02.2011 22:57:52
VBASE027.VDF : 7.11.3.226 2048 Bytes 24.02.2011 22:57:52
VBASE028.VDF : 7.11.3.227 2048 Bytes 24.02.2011 22:57:52
VBASE029.VDF : 7.11.3.228 2048 Bytes 24.02.2011 22:57:52
VBASE030.VDF : 7.11.3.229 2048 Bytes 24.02.2011 22:57:52
VBASE031.VDF : 7.11.3.230 2048 Bytes 24.02.2011 22:57:52
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 02.08.2010 15:09:30
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 24.02.2011 22:57:55
AESCN.DLL : 8.1.7.2 127349 Bytes 05.12.2010 08:23:23
AESBX.DLL : 8.1.3.2 254324 Bytes 05.12.2010 08:23:24
AERDL.DLL : 8.1.9.2 635252 Bytes 05.12.2010 08:23:23
AEPACK.DLL : 8.2.4.10 520567 Bytes 24.02.2011 22:57:55
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 01.02.2011 10:41:33
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 24.02.2011 22:57:54
AEHELP.DLL : 8.1.16.1 246134 Bytes 04.02.2011 11:30:11
AEGEN.DLL : 8.1.5.2 397683 Bytes 21.01.2011 15:48:50
AEEMU.DLL : 8.1.3.0 393589 Bytes 05.12.2010 08:23:21
AECORE.DLL : 8.1.19.2 196983 Bytes 21.01.2011 15:48:50
AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:25
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:33
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:33
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 09.12.2010 08:06:36
AVARKT.DLL : 10.0.22.6 231784 Bytes 09.12.2010 08:06:36
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.08.2010 15:09:45

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 26. Februar 2011 00:00

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeVirt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '136' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Samstag, 26. Februar 2011 00:53
Benötigte Zeit: 52:30 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

20415 Verzeichnisse wurden überprüft
384259 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
384259 Dateien ohne Befall
5295 Archive wurden durchsucht
1 Warnungen
0 Hinweise

markusg 26.02.2011 10:53
so da das mit dem lesen anscheinend wohl immernoch nicht klappt, üben wir das gleich noch mal.
führe otl aus wie beschrieben.
steht ja eindeutig da was zu tun ist.

xlexusx 26.02.2011 14:21
Ops sorry ich habe das mit Texbox vergessen aber bin grad dabei.
poste sofort wen es abgeschlossen ist.

xlexusx 26.02.2011 14:37
Hallo ich bins nochmal,OTL Logfile:
Code:
OTL Extras logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0    Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit:
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit:
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 24.02.2011 18:21:21 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x1674  Startzeit der fehlerhaften Anwendung: 0x01cbd4710630fe08  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 68269c25-4064-11e0-895a-88ae1d9948ab
 
Error - 24.02.2011 18:22:01 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x638  Startzeit der fehlerhaften Anwendung: 0x01cbd47133f8ded4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 7fc42eca-4064-11e0-895a-88ae1d9948ab
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0    Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON BX300F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEJE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {324EF666-6162-EB7C-CCD9-902E7CAFF8A8} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1555D05-7B30-E6D9-A36F-989C041808E7} - Internet Explorer
ActiveX: {BE610BFB-BAC9-D822-8375-CEF48B492AAD} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.26 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49}
[2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware
[2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe
[2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
[2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client
[2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home
[2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero
[2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
[2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead
[2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.26 14:15:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.26 14:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.26 14:14:59 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd
[2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
 
========== Files Created - No Company Name ==========
 
[2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd
[2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.06 22:12:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Adobe
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.05 09:24:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Avira
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2010.12.14 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DivX
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2010.12.05 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Google
[2010.12.05 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Identities
[2010.12.05 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Intel Corporation
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2010.12.05 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Macromedia
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Media Center Programs
[2011.02.24 16:45:33 | 000,000,000 | --SD | M] -- C:\Users\eren\AppData\Roaming\Microsoft
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Mozilla
[2011.02.25 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2010.12.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.28 01:43:22 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\eren\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2010.12.09 10:50:27 | 000,016,384 | ---- | M] () -- C:\Users\eren\AppData\Roaming\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\SKEL\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.Console.EXE
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\C_20285Z.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
--- --- ---

xlexusx 26.02.2011 14:37
Hallo ich bins nochmal,OTL Logfile:
Code:
OTL Extras logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0    Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Revo Uninstaller" = Revo Uninstaller 1.91
"SprayR" = SprayR 1.0 RC7b
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 16:02:24 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: npdivx32.dll, Version: 1.5.0.52,
 Zeitstempel: 0x4a04abb0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00067105  ID des fehlerhaften
 Prozesses: 0x145c  Startzeit der fehlerhaften Anwendung: 0x01cbcbb8ce3ec06a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
Berichtskennung:
 2c1ddc94-37ac-11e0-9c43-88ae1d9948ab
 
Error - 14.02.2011 07:17:07 | Computer Name = eren-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 17.02.2011 11:06:52 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: Empires2.Exe, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0013257e  ID des fehlerhaften
 Prozesses: 0x13c8  Startzeit der fehlerhaften Anwendung: 0x01cbceae396fe9d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\Empires2.Exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires
II\Empires2.Exe  Berichtskennung: 8cee0385-3aa7-11e0-ac96-88ae1d9948ab
 
Error - 18.02.2011 02:21:01 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7f0    Startzeit:
01cbcf322c244817    Endzeit: 72    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 18.02.2011 07:52:30 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x13f4  Startzeit der fehlerhaften Anwendung: 0x01cbcf5fcaa6b6fd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 90121b49-3b55-11e0-b17c-88ae1d9948ab
 
Error - 18.02.2011 18:40:05 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Name des fehlerhaften Moduls: EMPIRES2.EXE, Version: 0.14.22.712,
 Zeitstempel: 0x3981d1df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00168bb0  ID des fehlerhaften
 Prozesses: 0xb70  Startzeit der fehlerhaften Anwendung: 0x01cbcfab8af1cfa0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Games\Age of Empires
II\EMPIRES2.EXE  Berichtskennung: 076b91cd-3bb0-11e0-80cd-88ae1d9948ab
 
Error - 19.02.2011 20:08:52 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cf0    Startzeit:
01cbd0923d204fc4    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 20.02.2011 14:40:39 | Computer Name = eren-PC | Source = Application Hang | ID = 1002
Description = Programm Empires2.Exe, Version 0.14.22.712 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1494    Startzeit:
 01cbd12b2e8e8a5c    Endzeit: 68    Anwendungspfad: C:\Program Files (x86)\Microsoft Games\Age
 of Empires II\Empires2.Exe    Berichts-ID: 
 
Error - 24.02.2011 18:21:21 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x1674  Startzeit der fehlerhaften Anwendung: 0x01cbd4710630fe08  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 68269c25-4064-11e0-895a-88ae1d9948ab
 
Error - 24.02.2011 18:22:01 | Computer Name = eren-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NeroStartSmart.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4c1b553a  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x638  Startzeit der fehlerhaften Anwendung: 0x01cbd47133f8ded4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Nero\Nero 10\Nero BurnLite\NeroStartSmart.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 7fc42eca-4064-11e0-895a-88ae1d9948ab
 
[ System Events ]
Error - 08.01.2011 15:29:17 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 11.01.2011 09:32:27 | Computer Name = eren-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 12.01.2011 04:48:09 | Computer Name = eren-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.01.2011 08:16:26 | Computer Name = eren-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?01.?2011 um 13:14:53 unerwartet heruntergefahren.
 
Error - 13.01.2011 08:16:35 | Computer Name = eren-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 18.01.2011 07:12:16 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:17 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.01.2011 07:12:18 | Computer Name = eren-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 26.02.2011 14:20:38 - Run 2
OTL by OldTimer - Version 3.2.21.0    Folder = C:\Users\eren\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 390,16 Gb Free Space | 86,19% Space Free | Partition Type: NTFS
 
Computer Name: EREN-PC | User Name: eren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\eren\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: stop-reload@design-noir.de:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {63df8e21-711c-4074-a257-b065cadc28d8}:1.9.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.02.10 11:27:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.20 19:13:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.12 23:10:56 | 000,000,000 | ---D | M]
 
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Extensions
[2011.02.25 22:35:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions
[2010.12.07 22:19:02 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.02.23 22:02:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.02.10 20:19:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.12 15:12:51 | 000,000,000 | ---D | M] (CuteMenus - Crystal SVG) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
[2011.01.08 11:33:37 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.12.24 01:09:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.12 15:12:52 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.01.26 06:28:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.12 15:12:58 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010.11.12 18:05:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.12.07 22:19:01 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.11.09 21:19:54 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\elemhidehelper@adblockplus.org
[2011.01.03 22:10:15 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\firegestures@xuldev.org
[2010.10.12 15:12:46 | 000,000,000 | ---D | M] (gTranslator) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\jyboy.yy@gmail.com
[2010.11.09 21:19:55 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\smarterwiki@wikiatic.com
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (Smart Stop/Reload) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\stop-reload@design-noir.de
[2010.10.12 15:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eren\AppData\Roaming\mozilla\Firefox\Profiles\.default\extensions\translator@zoli.bod
[2011.02.22 01:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.06 23:43:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:42:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.10 11:27:13 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.02.22 00:14:31 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.25 02:53:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-811191228-598741415-1951419527-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-811191228-598741415-1951419527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON BX300F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEJE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SuiteTray - hkey= - key= - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {324EF666-6162-EB7C-CCD9-902E7CAFF8A8} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A1555D05-7B30-E6D9-A36F-989C041808E7} - Internet Explorer
ActiveX: {BE610BFB-BAC9-D822-8375-CEF48B492AAD} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.26 09:06:11 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49}
[2011.02.25 23:44:16 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:14:55 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.25 23:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2011.02.25 23:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2011.02.25 23:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware
[2011.02.25 23:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haufe
[2011.02.25 22:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2011.02.25 22:58:23 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:23 | 000,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:23 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:57:58 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.02.25 22:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011.02.25 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2011.02.25 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Lexware
[2011.02.25 22:35:15 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Adobe
[2011.02.25 22:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.02.25 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.02.25 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.25 13:18:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
[2011.02.25 12:21:50 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\SoftGrid Client
[2011.02.25 11:01:09 | 000,000,000 | ---D | C] -- C:\Users\eren\Documents\Nero Home
[2011.02.25 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Nero
[2011.02.25 10:25:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.02.25 10:16:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.25 10:16:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.25 10:16:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.25 10:16:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.25 10:14:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.25 10:14:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.25 02:53:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.02.25 01:34:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.25 01:17:54 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
[2011.02.25 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Ahead
[2011.02.25 00:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.02.25 00:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.02.25 00:52:22 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Nero_8_neu
[2011.02.24 23:51:49 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Windows Live Writer
[2011.02.24 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Diagnostics
[2011.02.24 23:33:59 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\EgisTec IPS
[2011.02.24 23:31:27 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Local\Google
[2011.02.24 23:19:56 | 000,000,000 | ---D | C] -- C:\Users\eren\Impostazioni locali
[2011.02.24 16:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.02.24 16:40:33 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Bewerbung als Einzelhandelskaufmann in ikea
[2011.02.23 10:57:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 10:57:36 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 10:57:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 10:57:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 00:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.02.22 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.02.21 02:07:17 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\elsterformular
[2011.02.21 02:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.02.21 02:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2011.02.15 06:23:43 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.13 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.02.09 11:43:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 11:43:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 11:43:16 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 11:43:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 11:43:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 11:43:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 11:43:16 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 11:43:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 11:43:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 11:43:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 11:43:15 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 11:43:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 11:43:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 11:43:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 11:43:05 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 11:43:05 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 11:43:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 11:43:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 11:43:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 11:43:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 11:43:01 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 11:43:00 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 11:42:59 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 11:42:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 11:42:58 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 11:42:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 11:42:54 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 11:42:53 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 11:42:53 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 11:42:53 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 11:42:52 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 11:42:52 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 11:42:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 11:42:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.07 22:44:36 | 000,169,656 | ---- | C] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys
[2011.02.07 22:44:31 | 000,025,528 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\SysNative\drivers\ESLvnic.sys
[2011.02.05 02:43:13 | 000,000,000 | ---D | C] -- C:\Users\eren\Desktop\Generic UG_Acer_1.0_A_A
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.01.30 20:02:57 | 000,000,000 | ---D | C] -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.01.30 19:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.01.30 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:23:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.26 14:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.26 14:15:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.26 14:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.26 14:14:59 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 23:44:14 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\eren\Desktop\OTL.exe
[2011.02.25 23:40:15 | 000,076,834 | ---- | M] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:58:20 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2011.02.25 22:58:20 | 000,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.02.25 22:58:20 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.02.25 22:40:00 | 000,399,525 | ---- | M] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:55:07 | 002,612,534 | ---- | M] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 11:00:25 | 000,001,024 | ---- | M] () -- C:\Users\eren\.rnd
[2011.02.25 11:00:22 | 000,007,867 | ---- | M] () -- C:\Windows\Irremote.ini
[2011.02.25 10:09:43 | 004,274,659 | R--- | M] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 02:53:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.02.25 00:59:51 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:51:39 | 200,371,185 | ---- | M] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.25 00:46:33 | 000,000,385 | ---- | M] () -- C:\Windows\wininit.ini
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 23:09:11 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2011.02.24 23:05:02 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | M] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.24 15:55:28 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.24 15:55:28 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.24 15:55:28 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.24 15:55:28 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.24 15:55:28 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.23 14:36:31 | 000,002,490 | ---- | M] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | M] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.14 09:33:08 | 000,276,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 23:38:52 | 000,451,939 | ---- | M] () -- C:\Users\eren\Desktop\4444.PNG
 
========== Files Created - No Company Name ==========
 
[2011.02.25 23:40:08 | 000,076,834 | ---- | C] () -- C:\Users\eren\Desktop\QuickSteuer_Deluxe_2011_Dasi.zip
[2011.02.25 23:14:18 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.02.25 22:31:30 | 000,399,525 | ---- | C] () -- C:\Users\eren\Desktop\Brennen.png
[2011.02.25 21:21:07 | 381,786,452 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.25 13:54:58 | 002,612,534 | ---- | C] () -- C:\Users\eren\Desktop\waikru.mp3
[2011.02.25 10:16:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.25 10:16:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.25 10:16:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.25 10:16:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.25 10:16:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.25 10:09:52 | 004,274,659 | R--- | C] () -- C:\Users\eren\Desktop\Cofi.exe..exe
[2011.02.25 00:59:51 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.02.25 00:59:51 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2011.02.25 00:58:36 | 000,007,867 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.25 00:58:28 | 000,001,024 | ---- | C] () -- C:\Users\eren\.rnd
[2011.02.25 00:25:48 | 200,371,185 | ---- | C] () -- C:\Users\eren\Desktop\Nero_8_neu.rar
[2011.02.24 23:26:56 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\C_20285Z.dll
[2011.02.24 22:43:15 | 000,043,232 | ---- | C] () -- C:\Users\eren\Desktop\Unbenannt4.PNG
[2011.02.23 14:36:31 | 000,002,490 | ---- | C] () -- C:\Users\eren\Desktop\Windows Live Messenger.lnk
[2011.02.22 00:14:43 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.15 06:23:46 | 000,001,072 | ---- | C] () -- C:\Users\eren\Desktop\GameRanger.lnk
[2011.02.15 06:23:46 | 000,001,058 | ---- | C] () -- C:\Users\eren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.02.02 23:38:52 | 000,451,939 | ---- | C] () -- C:\Users\eren\Desktop\4444.PNG
[2010.12.07 17:24:26 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.06 19:30:51 | 000,000,385 | ---- | C] () -- C:\Windows\wininit.ini
[2010.07.13 12:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2011.02.26 13:30:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Acer Registration - Reminder Recall task.job
[2011.02.25 12:50:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.06 22:12:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Adobe
[2010.12.09 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Astroburn Pro
[2010.12.05 09:24:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Avira
[2010.12.09 11:29:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DAEMON Tools Lite
[2010.12.14 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\DivX
[2011.02.21 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\elsterformular
[2010.12.12 12:28:57 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\EPSON
[2011.02.15 06:23:46 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\GameRanger
[2010.12.05 01:54:27 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Google
[2010.12.05 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Identities
[2010.12.05 01:34:42 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Intel Corporation
[2011.02.26 08:33:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Lexware
[2010.12.05 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Macromedia
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Media Center Programs
[2011.02.24 16:45:33 | 000,000,000 | --SD | M] -- C:\Users\eren\AppData\Roaming\Microsoft
[2010.10.12 15:12:45 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Mozilla
[2011.02.25 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Nero
[2011.02.26 01:33:24 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\SoftGrid Client
[2010.12.19 17:00:21 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Systweak
[2010.12.06 22:53:34 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TeamViewer
[2010.12.09 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Thinstall
[2010.12.07 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TP
[2010.12.26 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\TS3Client
[2010.12.07 23:40:33 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\Windows Live Writer
[2010.12.09 10:50:19 | 000,000,000 | ---D | M] -- C:\Users\eren\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.28 01:43:22 | 001,257,184 | ---- | M] (GameRanger Technologies) -- C:\Users\eren\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2010.12.09 10:50:27 | 000,016,384 | ---- | M] () -- C:\Users\eren\AppData\Roaming\Thinstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\SKEL\27b3fd671cb277ea9c2f48308c7d4839f58bcc5b.Console.EXE
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.02.04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.02.04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 02:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 02:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.02.24 23:26:56 | 000,065,536 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\C_20285Z.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E8BE05FA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7311BB85

< End of report >
--- --- ---

markusg 26.02.2011 14:58
wunderbar.

download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

xlexusx 26.02.2011 15:18
du sagtest eben wunderbar darf vielleicht auch wissen was eigentlich passiert ist ?

*alderdings mach ich das mit Malwarebytes komme gleich cucu"

markusg 26.02.2011 15:35
ich meinte wunderbar das es mit dem log geklappt hatt

xlexusx 26.02.2011 15:56
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5883

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.02.2011 15:56:18
mbam-log-2011-02-26 (15-56-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 281527
Laufzeit: 35 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und entfernt.

markusg 26.02.2011 15:58
ok
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

xlexusx 26.02.2011 16:23
Combofix Logfile:
Code:
ComboFix 11-02-25.02 - eren 26.02.2011  16:10:05.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3959.2407 [GMT 1:00]
ausgeführt von:: c:\users\eren\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((  Dateien erstellt von 2011-01-26 bis 2011-02-26  ))))))))))))))))))))))))))))))
.

2011-02-26 15:14 . 2011-02-26 15:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-02-26 14:15 . 2011-02-26 14:15        --------        d-----w-        c:\users\eren\AppData\Roaming\Malwarebytes
2011-02-26 14:15 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-26 14:15 . 2011-02-26 14:15        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-26 14:15 . 2011-02-26 14:15        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-26 14:15 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-02-26 08:06 . 2011-02-26 08:06        --------        d-----w-        c:\users\eren\AppData\Local\{FC480404-759B-4582-8CD2-C9B0A8E1BD49}
2011-02-25 21:55 . 2011-02-26 08:49        --------        d-----w-        c:\users\eren\AppData\Local\Lexware
2011-02-25 21:35 . 2011-02-25 21:35        --------        d-----w-        c:\users\eren\AppData\Local\Adobe
2011-02-25 21:19 . 2011-02-25 21:19        --------        d-----w-        c:\program files (x86)\Smart Projects
2011-02-25 20:29 . 2011-02-25 20:29        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2011-02-25 12:18 . 2011-02-25 12:18        --------        d-----w-        c:\users\eren\AppData\Local\{EDE2EBB6-0BFC-491D-9E6E-D43627E994CD}
2011-02-25 11:21 . 2011-02-25 11:21        --------        d-----w-        c:\users\eren\AppData\Local\SoftGrid Client
2011-02-25 10:00 . 2011-02-25 10:00        --------        d-----w-        c:\users\eren\AppData\Local\Nero
2011-02-25 01:53 . 2011-02-25 01:53        --------        d-----w-        C:\_OTL
2011-02-25 00:34 . 2011-02-25 00:34        --------        d-----w-        c:\users\eren\AppData\Roaming\Nero
2011-02-25 00:17 . 2011-02-25 00:18        --------        d-----w-        c:\users\eren\AppData\Local\{26A6F3DA-946C-435F-B80B-371EACEA3A92}
2011-02-25 00:00 . 2011-02-25 10:01        --------        d-----w-        c:\users\eren\AppData\Local\Ahead
2011-02-24 23:56 . 2011-02-24 23:58        --------        d-----w-        c:\program files (x86)\Common Files\Nero
2011-02-24 23:56 . 2011-02-24 23:56        --------        d-----w-        c:\programdata\Nero
2011-02-24 23:56 . 2011-02-24 23:56        --------        d-----w-        c:\program files (x86)\Nero
2011-02-24 22:51 . 2011-02-24 22:51        --------        d-----w-        c:\users\eren\AppData\Local\Windows Live Writer
2011-02-24 22:38 . 2011-02-24 22:38        --------        d-----w-        c:\users\eren\AppData\Local\Diagnostics
2011-02-24 22:33 . 2011-02-24 22:33        --------        d-----w-        c:\users\eren\AppData\Local\EgisTec IPS
2011-02-24 22:31 . 2011-02-25 00:30        --------        d-----w-        c:\users\eren\AppData\Local\Google
2011-02-24 22:26 . 2011-02-24 22:26        65536        --sha-r-        c:\windows\SysWow64\C_20285Z.dll
2011-02-24 22:19 . 2011-02-24 22:19        --------        d-----w-        c:\users\eren\Impostazioni locali
2011-02-24 15:45 . 2011-02-24 15:45        --------        d-----w-        c:\programdata\Microsoft Help
2011-02-23 14:30 . 2010-09-14 06:45        367104        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-02-23 14:30 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\SysWow64\wcncsvc.dll
2011-02-23 09:57 . 2011-01-07 08:07        662528        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-02-23 09:57 . 2011-01-07 08:07        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-23 09:57 . 2011-01-07 07:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-02-23 09:57 . 2011-01-07 07:31        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 09:32 . 2011-01-13 10:20        7844688        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{369CB091-C2CB-4CDC-B1FA-F2872D723EA0}\mpengine.dll
2011-02-21 23:14 . 2011-02-24 21:15        --------        d-----w-        c:\program files (x86)\JDownloader
2011-02-21 01:07 . 2011-02-21 01:07        --------        d-----w-        c:\users\eren\AppData\Roaming\elsterformular
2011-02-21 01:05 . 2011-02-21 01:05        --------        d-----w-        c:\programdata\elsterformular
2011-02-21 01:05 . 2011-02-21 01:08        --------        d-----w-        c:\program files (x86)\ElsterFormular
2011-02-15 05:23 . 2011-02-15 05:23        --------        d-----w-        c:\users\eren\AppData\Roaming\GameRanger
2011-02-09 10:42 . 2011-01-26 06:31        144384        ----a-w-        c:\windows\system32\cdd.dll
2011-02-07 21:44 . 2010-12-08 10:53        169656        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys
2011-02-07 21:44 . 2010-12-08 10:53        25528        ----a-w-        c:\windows\system32\drivers\ESLvnic.sys
2011-01-30 19:02 . 2011-01-30 19:02        --------        d-----w-        c:\program files (x86)\VS Revo Group
2011-01-30 18:41 . 2011-01-30 18:41        --------        d-----w-        c:\program files (x86)\Common Files\DivX Shared
2011-01-30 13:57 . 2011-01-30 13:57        103864        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 08:43 . 2010-12-05 08:43        2560        ----a-w-        c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2010-12-05 08:43 . 2010-12-05 08:43        2560        ----a-w-        c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2010-12-05 08:43 . 2010-12-05 08:43        5632        ----a-w-        c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2010-12-05 08:43 . 2010-12-05 08:43        51712        ----a-w-        c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2010-12-05 08:43 . 2010-12-05 08:43        29696        ----a-w-        c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2010-12-05 08:43 . 2010-12-05 08:43        16896        ----a-w-        c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2010-12-05 08:23 . 2010-12-05 08:22        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-12-05 00:12 . 2010-12-05 00:12        505128        ----a-w-        c:\windows\SysWow64\msvcp71.dll
2010-12-05 00:12 . 2010-12-05 00:12        353576        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2010-12-05 00:12 . 2010-12-05 00:12        29480        ----a-w-        c:\windows\SysWow64\msxml3a.dll
2010-12-04 23:58 . 2010-12-04 23:58        3        ----a-w-        c:\windows\system32\PLD_Framework.cmd
.

(((((((((((((((((((((((((((((  SnapShot@2011-02-25_09.25.08  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-19 14:34 . 2010-10-19 14:34        69632              c:\windows\SysWOW64\PXTTool80VC8.dll
+ 1996-10-09 16:25 . 1996-10-09 16:25        80896              c:\windows\SysWOW64\PXTREE32.DLL
+ 2010-10-19 14:34 . 2010-10-19 14:34        27648              c:\windows\SysWOW64\LXTPSW20VC8.dll
+ 2011-02-26 15:14 . 2011-02-26 15:14        13585              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-02-25 09:23 . 2011-02-25 09:23        13585              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-02-25 09:24        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-26 15:15        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-02-26 15:15        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-25 09:24        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-26 15:15        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-25 09:24        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-13 11:21 . 2011-02-26 13:17        63008              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-26 13:17        32664              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-05 00:30 . 2011-02-24 11:18        32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-05 00:30 . 2011-02-26 09:17        32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-25 11:24 . 2011-02-26 09:17        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-24 11:18        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-26 09:17        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-05 00:53 . 2011-02-26 15:17        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-05 00:53 . 2011-02-25 09:25        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-02-26 12:17        80352              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-12-05 00:53 . 2011-02-25 09:25        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-05 00:53 . 2011-02-26 15:17        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-05 00:53 . 2011-02-25 09:25        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-05 00:53 . 2011-02-26 15:17        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-05 00:53 . 2011-02-25 09:25        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-05 00:53 . 2011-02-26 15:17        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-05 00:53 . 2011-02-26 15:17        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-05 00:53 . 2011-02-25 09:25        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-25 20:29 . 2011-02-25 20:29        32768              c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2011-02-25 21:57 . 2011-02-25 21:57        10134              c:\windows\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
+ 2011-02-25 20:29 . 2011-02-25 20:29        32768              c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        57344              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut2.C5C62008_87C8_4C2F_ABF4_46914027DD45.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        45056              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut2.C3689185_4222_4F18_9E97_15FEFA5BB00F.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        57344              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut2.306E0A24_77CC_4859_BD8E_90EF2434B1E8.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        18510              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\ARPPRODUCTICON.exe
+ 2011-02-25 21:58 . 2011-02-25 21:58        81920              c:\windows\Installer\{406A89D6-09E6-4550-B370-8D376DDB56BE}\ARPPRODUCTICON.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        73728              c:\windows\Installer\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}\NewShortcut1.E478996E_1F9C_4900_988E_F8A470FEA557.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        10134              c:\windows\Installer\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}\ARPPRODUCTICON.exe
+ 2010-12-06 14:08 . 2011-02-25 10:07        4674              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-12-05 00:33 . 2011-02-26 13:17        8588              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-811191228-598741415-1951419527-1000_UserData.bin
+ 2011-02-26 15:15 . 2011-02-26 15:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-25 09:24 . 2011-02-25 09:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-25 09:24 . 2011-02-25 09:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-26 15:15 . 2011-02-26 15:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-21 17:01 . 2010-09-21 17:01        557056              c:\windows\SysWOW64\zvkonline80VC8.dll
+ 2010-08-29 15:42 . 2010-08-29 15:42        552960              c:\windows\SysWOW64\zvkonline70VC8.dll
+ 2010-08-31 09:19 . 2010-08-31 09:19        552960              c:\windows\SysWOW64\zvkonline65VC8.dll
+ 2010-08-31 09:44 . 2010-08-31 09:44        548864              c:\windows\SysWOW64\zvkonline60VC8.dll
+ 2001-09-06 14:34 . 2001-09-06 14:34        252328              c:\windows\SysWOW64\Olch2d32.dll
+ 2011-02-25 21:58 . 2011-02-25 21:58        232912              c:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
+ 2011-02-25 21:58 . 2011-02-25 21:58        311760              c:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.dll
+ 2010-10-19 14:34 . 2010-10-19 14:34        110592              c:\windows\SysWOW64\LxUISettings20Native.dll
+ 2010-10-19 14:34 . 2010-10-19 14:34        135168              c:\windows\SysWOW64\LxMail30VC8.dll
+ 2010-10-19 14:34 . 2010-10-19 14:34        196608              c:\windows\SysWOW64\LxBasics91VC8.dll
+ 2006-04-21 09:08 . 2006-04-21 09:08        253952              c:\windows\SysWOW64\HtmlHelp.dll
+ 2007-05-09 15:16 . 2007-05-09 15:16        176128              c:\windows\SysWOW64\DZIP32.DLL
+ 2007-05-09 15:16 . 2007-05-09 15:16        315392              c:\windows\SysWOW64\dzactx.dll
+ 2007-05-09 15:16 . 2007-05-09 15:16        278528              c:\windows\SysWOW64\duzactx.dll
+ 2007-05-09 15:16 . 2007-05-09 15:16        143360              c:\windows\SysWOW64\DUNZIP32.DLL
+ 2011-02-25 21:58 . 2011-02-25 21:58        181760              c:\windows\system32\javaws.exe
+ 2011-02-25 21:58 . 2011-02-25 21:58        165888              c:\windows\system32\javaw.exe
+ 2011-02-25 21:58 . 2011-02-25 21:58        165888              c:\windows\system32\java.exe
+ 2011-02-25 21:58 . 2011-02-25 21:58        455680              c:\windows\system32\deploytk.dll
+ 2009-07-14 05:01 . 2011-02-26 15:14        236180              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-25 09:23        236180              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-25 22:14 . 2011-02-25 22:14        180224              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut4.01E7A585_A263_4AC2_B65E_52C6640FDFB7.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        180224              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut3.01E7A585_A263_4AC2_B65E_52C6640FDFB7.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        180224              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut14.01E7A585_A263_4AC2_B65E_52C6640FDFB7.exe
+ 2011-02-25 22:14 . 2011-02-25 22:14        180224              c:\windows\Installer\{6BCC7669-A863-4C24-804B-9C811C102F71}\NewShortcut13.01E7A585_A263_4AC2_B65E_52C6640FDFB7.exe
+ 2011-02-25 21:57 . 2011-02-25 21:57        884736              c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2009-07-20 23:05 . 2009-07-20 23:05        1348432              c:\windows\SysWOW64\msxml4.dll
+ 2010-10-19 14:34 . 2010-10-19 14:34        4648960              c:\windows\SysWOW64\LxXtreme70VC8.dll
+ 2010-10-19 14:34 . 2010-10-19 14:34        1335296              c:\windows\SysWOW64\LXTool91VC8.dll
+ 2010-09-21 17:01 . 2010-09-21 17:01        1347584              c:\windows\SysWOW64\LXTool80VC8.dll
+ 2010-08-29 15:41 . 2010-08-29 15:41        1245184              c:\windows\SysWOW64\LXTool70VC8.dll
+ 2010-08-29 15:39 . 2010-08-29 15:39        1257472              c:\windows\SysWOW64\LXTool70NSVC8.dll
+ 2010-08-29 16:16 . 2010-08-29 16:16        1196032              c:\windows\SysWOW64\LxTool65VC8.dll
+ 2010-08-29 16:14 . 2010-08-29 16:14        1204224              c:\windows\SysWOW64\LxTool65NSVC8.dll
+ 2010-08-29 17:54 . 2010-08-29 17:54        1130496              c:\windows\SysWOW64\LxTool60VC8.dll
+ 2010-08-29 17:51 . 2010-08-29 17:51        1138688              c:\windows\SysWOW64\LXtool60NSVC8.dll
+ 2009-07-14 04:45 . 2011-02-25 21:05        3801160              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-02-25 01:58        3801160              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2010-12-05 20:58 . 2011-02-25 01:54        5241540              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-811191228-598741415-1951419527-1000-8192.dat
+ 2010-12-05 20:58 . 2011-02-26 15:14        5241540              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-811191228-598741415-1951419527-1000-8192.dat
+ 2011-02-25 22:14 . 2010-09-15 09:58        6037504              c:\windows\Installer\LxCache\{600FFA15-9871-44B9-B1E0-6522D83E7AB8}\LEXWAREINFOSERVICE.MSI
+ 2009-07-20 23:29 . 2009-07-20 23:29        6057984              c:\windows\Installer\836c6.msi
+ 2008-09-30 20:07 . 2008-09-30 20:07        6042112              c:\windows\Installer\836bf.msi
+ 2010-09-15 09:58 . 2010-09-15 09:58        6037504              c:\windows\Installer\32d0dc.msi
+ 2010-08-16 09:39 . 2010-08-16 09:39        3882496              c:\windows\Installer\32d0ca.msi
+ 2009-06-02 12:59 . 2009-06-02 12:59        1647104              c:\windows\Installer\32d0c3.msi
+ 2009-06-18 10:46 . 2009-06-18 10:46        1305600              c:\windows\Installer\32d0bd.msi
+ 2009-07-14 02:34 . 2011-02-26 12:27        10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-02-25 09:19        10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-02-25 22:11 . 2010-11-02 14:53        169475584              c:\windows\Installer\LxCache\{D91AD5C4-5A00-4668-B323-0CFDEDDA45B8}\QUICKSTEUER_DELUXE.MSI
+ 2010-11-02 14:53 . 2010-11-02 14:53        169475584              c:\windows\Installer\32d0d6.msi
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 135664]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2010-12-08 25528]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-09 834544]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2010-11-24 101048]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

.
Inhalt des "geplante Tasks" Ordners

2011-02-26 c:\windows\Tasks\Acer Registration - Reminder Recall task.job
- c:\program files (x86)\Acer\Registration\GREG.exe [2010-04-28 02:47]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 01:07]

2011-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 01:07]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"ETDWare"="%ProgramFiles%\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-02-25 170496]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612109925l0454z145v47j22903
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\eren\AppData\Roaming\Mozilla\Firefox\Profiles\.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL -  hxxp://www.google.de/search?ie=UTF-8&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: gTranslator: jyboy.yy@gmail.com - %profile%\extensions\jyboy.yy@gmail.com
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Smart Stop/Reload: stop-reload@design-noir.de - %profile%\extensions\stop-reload@design-noir.de
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: CuteMenus - Crystal SVG: {63df8e21-711c-4074-a257-b065cadc28d8} - %profile%\extensions\{63df8e21-711c-4074-a257-b065cadc28d8}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-811191228-598741415-1951419527-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-26  16:21:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-26 15:21
ComboFix2.txt  2011-02-25 09:30

Vor Suchlauf: 15 Verzeichnis(se), 418.929.287.168 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 418.897.100.800 Bytes frei

- - End Of File - - 30A8156336BD8CA960CD77F4F3649235
--- --- ---

Ein problem konnte die Spyware und Antvir nicht beenden :;( habs aber deaktiviert weil ich nicht wusste wie das ging

markusg 26.02.2011 16:44
ja das ist ok so.
sieht so weit gut aus.

lade den ccleaner slim:
Piriform - Builds
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

xlexusx 26.02.2011 17:06
Acer Backup Manager benötigt
Acer Crystal Eye webcam benötigt
Acer ePower Management benötigt
Acer eRecovery Management benötigt
Acer Registration Acer Incorporated benötigt
Acer ScreenSaver Acer Incorporated benötigt
Acer Updater Acer Incorporated >Unbekannt
Acrobat.com Adobe Systems Benötigt
Adobe AIR Adobe Systems Inc. benötigt
Adobe Flash Player 10 ActiveX benötigt
Adobe Flash Player 10 Plugin Unbekannt
Adobe Reader 9.4.2 MUI benötigt
Airport Mania First Flight unbekannt
Amazonia Oberon Media unbekannt
Avira AntiVir Personal - benötigt
Cake Mania Oberon Media unbekannt
CCleaner Piriform benötigt
CyberLink PowerDVD 9 nicht benötigt
DivX Web Player DivX,Inc. benötigt
Dream Day First Home unbekannt
EPSON BX300F Series benötigt
EPSON Scan benötigt
eSobi v2 esobi Inc. unbekannt
ETDWare PS/2-x64 7.0.6.5_WHQL unbekannt
Farm Frenzy 2 Oberon Media unnötig
Galapago Oberon Media unnötig
GameRanger benötigt
Google Toolbar for Internet Explorer Google Inc.unnötig
Heroes of Hellas Oberon Media unnötig
Identity Card Acer Incorporated unbekannt
Intel(R) Management Engine Components Intel Corporation benötigt
Intel(R) Rapid Storage Technology Intel Corporation benötigt
IsoBuster 2.8.5 Smart Projects 24.02.2011 10,7MB unnötig
Java(TM) 6 Update 13 (64-bit) benötig
Java(TM) 6 Update 23 Oracle benötig
JDownloader benötig
Launch Manager Acer Inc. benötig
Lexware Info Service benötig
Malwarebytes' Anti-Malware unbekannt
McAfee SiteAdvisor McAfee, benötig
McAfee SiteAdvisor McAfee, benötig
Merriam Websters Spell Jam unbekannt
Messenger Plus! Live benötig
Microsoft .NET Framework 4 Client unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation unbekannt
Microsoft Office 2010 benötig
Microsoft Office Klick-und-Los 2010 Microsoft Corporation unbekannt
Microsoft Office Starter 2010 - Deutsch unbekannt
Microsoft Silverlight unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation unbekannt
Microsoft WSE 3.0 Runtime Microsoft Corp. unbekannt
Mozilla Firefox (3.6.13) Mozilla benötigt
MSXML 4.0 SP2 (KB954430) unbekannt
MSXML 4.0 SP2 (KB973688) unbekannt
MyWinLocker Suite unbekannt
Nero 8 benötigt .
NVIDIA Drivers NVIDIA Corporation benötigt
NVIDIA PhysX NVIDIA Corporation benötigt
Poker Pop Oberon Media unnötig
QuickSteuer Deluxe 2011 benötigt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. benötigt
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. benötigt
Revo Uninstaller 1.91 VS Revo Group unbekkant
Spin & Win Oberon Media unbekannt
SprayR 1.0 RC7b Jan 'neofrag' Willms unnötig
Spybot - Search & Destroy Safer Networking Limited benötigt
System Requirements Lab unbekannt
System Requirements Lab for Intel unbekannt
TeamSpeak 3 Client Unnötig
Welcome Center Acer Incorporated unbekant
Windows Live Essentials Microsoft unbekannt
Windows Live Sync Microsoft unbekannt



Die meisten programme kenn ich wirklich nicht will da auch nix falsches löschen da hab ich angst irgendwie.

ich hoffe ich habe das richtig versatnden gehabt,. und gemacht

markusg 26.02.2011 17:11
deinstaliere.
Adobe Reader 9.4.2
ersetzen:
Adobe - Adobe Reader herunterladen - Alle Versionen

bitte den mcafee security scan nicht mit instalieren.
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok
deinstaliere.
Airport Mania
Amazonia
Cake Mania
Dream Day First
eSobi
Farm Frenzy 2
Galapago
Google Toolbar
Heroes of Hellas
IsoBuster
Java beide versionen deinstalieren!

Java SE Downloads
klicke auf download jre
Merriam Websters
Poker Pop
Spin & Win
SprayR
Spybot kann man getrost drauf verzichten, nur 1x updates pro woche, ist nicht nützlich
TeamSpeak
Windows Live
beide.
bereinige jetzt mit dem ccleaner.

xlexusx 26.02.2011 17:35
Download Java SE Runtime Environment 6u24 for Windows x64, Multi-language

Download Information and Files

diese Java hab ich runtergeladen das müsste die richtige sein oder ?

diese kleine spiele von obera sind mit auf acer draufinstalliert und so gekommen so ein Müll braucht wirklich kein mensch.

Öhm du hast ja das geschrieben
Spybot kann man getrost drauf verzichten, nur 1x updates pro woche, ist nicht nützlich
TeamSpeak
Windows Live
beide.
bereinige jetzt mit dem ccleaner.
Also Spybot deinstallieren gelle ? Teamspeak genauso und windows live

aber windows live brauchen wir ja das ist das Msn.

markusg 26.02.2011 17:37
messenger steht nicht dabei. die
Windows Live Essentials Microsoft unbekannt
Windows Live Sync Microsoft unbekannt
sollten weg können.
ja bei java ists das richtige.

xlexusx 26.02.2011 17:41
Wenn ich das Windows Live Essentials Deinstalliere fragt es mich ob ich das windows mail oder das messenger bzw beide zussamen deinstallieren will.

hab ejetzt alle beide auf deinstallieren gedrückt das heisst theoretisch das ich kein Messenger mehr habe wen.

markusg 26.02.2011 17:42
na wenn du den messenger brauchst behällst du ihn, wenn du windows mail auch brauchst dann deinstaliere es nicht, du hast unnötig dahinter geschrieben :-)

xlexusx 26.02.2011 17:47
Ähm Nach jeder Neustart kommt ein meldung mit " Das Profil konnte nicht gefunden werden"

da kan ich Nur auf´s OK drücken oder [X] schliesen

bin mir nicht so sicher ob alles hier okay ist ;( allerdings ist mein msn gelöscht worden weil das Windos Live Essentials warscheinlich msn war da habe ich deinstallieren gedrückt, Windows messenge ausgewählt und Windows Mail und ein neustart war angesagt.

xlexusx 26.02.2011 17:47
Zitat:
Zitat von markusg (Beitrag 624764)
na wenn du den messenger brauchst behällst du ihn, wenn du windows mail auch brauchst dann deinstaliere es nicht, du hast unnötig dahinter geschrieben :-)

Sorry wusste ich nicht die namen sagen mir weniger ;

markusg 26.02.2011 17:52
kannst du mal versuchsweise avira deinstalieren und dann neustarten?
tritts problem noch auf?

xlexusx 26.02.2011 18:11
Hallo MarkusG,

was ich seltsam finde wenn ich avire deinstalliere kommt da kein Meldung mehr einerseits ist das wieder seltsam früher kam ja kein meldung nur ist das später irgendwie gekommen nachdem ich viren bekommen hatte.

Also kein meldung mehr meinst du das dass jetzt alles gesäubert ist ?
Mein System startet langsam woran liegt das

markusg 26.02.2011 18:13
wir müssen avira erst mal wieder neu drauf machen, vllt läufts jetzt.

hast du bereits mit dem ccleaner bereinigt?
war der systemstart die ganze zeit langsam seit die trojaner meldungen auftraten?

avira
http://www.trojaner-board.de/54192-a...tellungen.html
avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig.
den update auftrag auf 1x pro tag einstellen.
und "nachhohlen falls zeit überschritten" auswählen
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.

xlexusx 26.02.2011 18:13
was für Antivir nutzten sie den eigentlich ?
und was sie mir empfhelen können ?

xlexusx 26.02.2011 18:14
Mein Startup Programme was deaktivieren ? was aktivieren ?


Zitat:
Zitat von xlexusx (Beitrag 624782)
Ja HKCU:Run IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
Nein HKCU:Run EPSON BX300F Series C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S6F09.tmp" /EF "HKCU"
Nein HKCU:Run swg "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Ja HKLM:Run IAStorIcon C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Ja HKLM:Run EgisUpdate "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
Ja HKLM:Run EgisTecPMMUpdate "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
Ja HKLM:Run BackupManagerTray "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
Ja HKLM:Run LManager C:\Program Files (x86)\Launch Manager\LManager.exe
Ja HKLM:Run NBKeyScan "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Ja HKLM:Run LexwareInfoService C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
Ja HKLM:Run Adobe Reader Speed Launcher "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Ja HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Ja HKLM:Run ETDWare %ProgramFiles%\Elantech\ETDCtrl.exe
Ja HKLM:Run Acer ePower Management C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Nein HKLM:Run DivX Download Manager "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
Nein HKLM:Run DivXUpdate "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Nein HKLM:Run mwlDaemon C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
Nein HKLM:Run SuiteTray "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

markusg 26.02.2011 18:15
start ausführen msconfig.exe
enter
unter systemstart alle haken raus, außer avgnt (avira)
pc neustarten.
verbesserung?

xlexusx 26.02.2011 18:19
es war schon so langsam hab nur mal so nebenbei gefragt ob sie vielleicht tipp´s haben oder so.

Ah ja bereinigt habe ich "wir sollen bei cc nix in registry suchen" stimmt das wirklich ? das es das system beschädigen kann.

markusg 26.02.2011 18:24
ja das stimmt.
also schalt mal die autostart einträge aus und starte neu.

xlexusx 26.02.2011 18:37
Zitat:
Zitat von markusg (Beitrag 624784)
start ausführen msconfig.exe
enter
unter systemstart alle haken raus, außer avgnt (avira)
pc neustarten.
verbesserung?
So dies habe ich jetzt gemacht Auch das mit Avira Eingestellt , neugestartet nur das braucht immernoch lange bei der Wilkommen schrift (Windows7) aber naja ist nicht so tragisch dan ausser sie haben ein anderes iddeeee.

Alderiings ist untern rechts bei starttaskliste nicht mehr das C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe was früher da war das schadet nicht oder ?

markusg 26.02.2011 18:38
nein das schadet nicht.
scanne bitte erst mal mit avira wie beschrieben.
wie lange ist denn lange :-)

xlexusx 26.02.2011 18:43
öhm ich schätze mal 7 - 12 sec


ist das was für mich ?

hxxp://www.windowspower.de/Windows-7-schneller-Starten_1392.html

markusg 26.02.2011 19:00
das ist blödsinn :-)
na 7 sekunden is doch wohl net lang.
mach jetzt erst mal den avira scan bitte wie oben beschrieben!

xlexusx 26.02.2011 19:02
Zitat:
Zitat von markusg (Beitrag 624805)
das ist blödsinn :-)
na 7 sekunden is doch wohl net lang.
mach jetzt erst mal den avira scan bitte wie oben beschrieben!

:)) alles klar dan,
jao Scan Vorgang läuft schon grade 7 versteckte objekte (was auch das heisst)

und 25%

xlexusx 26.02.2011 19:48
taddaaaaaaaaaaaaa



Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 26. Februar 2011 18:43

Es wird nach 2437318 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : EREN-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.611 31824 Bytes 14.01.2011 13:28:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10.01.2011 13:22:56
AVSCAN.DLL : 10.0.3.0 56168 Bytes 10.01.2011 13:23:14
LUKE.DLL : 10.0.3.2 104296 Bytes 10.01.2011 13:23:03
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 17:18:48
VBASE003.VDF : 7.11.3.1 2048 Bytes 09.02.2011 17:18:48
VBASE004.VDF : 7.11.3.2 2048 Bytes 09.02.2011 17:18:48
VBASE005.VDF : 7.11.3.3 2048 Bytes 09.02.2011 17:18:48
VBASE006.VDF : 7.11.3.4 2048 Bytes 09.02.2011 17:18:48
VBASE007.VDF : 7.11.3.5 2048 Bytes 09.02.2011 17:18:48
VBASE008.VDF : 7.11.3.6 2048 Bytes 09.02.2011 17:18:48
VBASE009.VDF : 7.11.3.7 2048 Bytes 09.02.2011 17:18:48
VBASE010.VDF : 7.11.3.8 2048 Bytes 09.02.2011 17:18:48
VBASE011.VDF : 7.11.3.9 2048 Bytes 09.02.2011 17:18:48
VBASE012.VDF : 7.11.3.10 2048 Bytes 09.02.2011 17:18:48
VBASE013.VDF : 7.11.3.59 157184 Bytes 14.02.2011 17:18:48
VBASE014.VDF : 7.11.3.97 120320 Bytes 16.02.2011 17:18:48
VBASE015.VDF : 7.11.3.148 128000 Bytes 19.02.2011 17:18:48
VBASE016.VDF : 7.11.3.183 140288 Bytes 22.02.2011 17:18:48
VBASE017.VDF : 7.11.3.216 124416 Bytes 24.02.2011 17:18:49
VBASE018.VDF : 7.11.3.217 2048 Bytes 24.02.2011 17:18:49
VBASE019.VDF : 7.11.3.218 2048 Bytes 24.02.2011 17:18:49
VBASE020.VDF : 7.11.3.219 2048 Bytes 24.02.2011 17:18:49
VBASE021.VDF : 7.11.3.220 2048 Bytes 24.02.2011 17:18:49
VBASE022.VDF : 7.11.3.221 2048 Bytes 24.02.2011 17:18:49
VBASE023.VDF : 7.11.3.222 2048 Bytes 24.02.2011 17:18:49
VBASE024.VDF : 7.11.3.223 2048 Bytes 24.02.2011 17:18:49
VBASE025.VDF : 7.11.3.224 2048 Bytes 24.02.2011 17:18:49
VBASE026.VDF : 7.11.3.225 2048 Bytes 24.02.2011 17:18:49
VBASE027.VDF : 7.11.3.226 2048 Bytes 24.02.2011 17:18:49
VBASE028.VDF : 7.11.3.227 2048 Bytes 24.02.2011 17:18:49
VBASE029.VDF : 7.11.3.228 2048 Bytes 24.02.2011 17:18:49
VBASE030.VDF : 7.11.3.229 2048 Bytes 24.02.2011 17:18:49
VBASE031.VDF : 7.11.3.240 62976 Bytes 25.02.2011 17:18:49
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:22:51
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 26.02.2011 17:18:51
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.1.3.2 254324 Bytes 10.01.2011 13:22:49
AERDL.DLL : 8.1.9.2 635252 Bytes 10.01.2011 13:22:49
AEPACK.DLL : 8.2.4.10 520567 Bytes 26.02.2011 17:18:51
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 26.02.2011 17:18:50
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 26.02.2011 17:18:50
AEHELP.DLL : 8.1.16.1 246134 Bytes 26.02.2011 17:18:49
AEGEN.DLL : 8.1.5.2 397683 Bytes 26.02.2011 17:18:49
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.19.2 196983 Bytes 26.02.2011 17:18:49
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 10.01.2011 13:22:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 10.01.2011 13:22:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10.01.2011 13:22:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 10.01.2011 13:22:51
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10.01.2011 13:22:54
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 10.01.2011 13:23:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 26. Februar 2011 18:43

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\McAfee\symboliclinkvalue
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\8
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\10
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\11
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\12
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\7
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions\9
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '50' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '346' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert


Ende des Suchlaufs: Samstag, 26. Februar 2011 19:34
Benötigte Zeit: 51:19 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

20803 Verzeichnisse wurden überprüft
362710 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
362710 Dateien ohne Befall
5117 Archive wurden durchsucht
1 Warnungen
0 Hinweise
538075 Objekte wurden beim Rootkitscan durchsucht
7 Versteckte Objekte wurden gefunden

markusg 26.02.2011 19:53
so, was hab ich geschrieben, suchlauf soll über lokaler schutz, lokale laufwerke gehen.
bitte überprüfe die konfiguration noch mal ganz genau.
dann scanne über lokaler schutz, lokale laufwerke

xlexusx 26.02.2011 20:07
Zitat:
Zitat von markusg (Beitrag 624781)
wir müssen avira erst mal wieder neu drauf machen, vllt läufts jetzt.

hast du bereits mit dem ccleaner bereinigt?
war der systemstart die ganze zeit langsam seit die trojaner meldungen auftraten?

avira
Avira 10 Free Einrichtung - Paules-PC-Forum.de
avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig.
den update auftrag auf 1x pro tag einstellen.
und "nachhohlen falls zeit überschritten" auswählen
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.


ich habe das genauso aufgestellt wie in das forum von Paules pc0

Kannst du bitte genauer sagen wo ich gehen muss auf avira ? verstehe das bzw finde es nicht :8

markusg 27.02.2011 11:25
was findest du nicht.
du öffnest avira, dann auf lokaler schutz und dann auf lokale laufwerke

xlexusx 27.02.2011 16:05
Hallo,

Ich habe avira geöffnet, dan auf lokale schutz und dan auf lokale laufwerk gescannt.


Bericht:


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 27. Februar 2011 14:50

Es wird nach 2437318 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : eren
Computername : EREN-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.611 Bytes 14.01.2011 13:28:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10.01.2011 13:22:56
AVSCAN.DLL : 10.0.3.0 56168 Bytes 10.01.2011 13:23:14
LUKE.DLL : 10.0.3.2 104296 Bytes 10.01.2011 13:23:03
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 17:18:48
VBASE003.VDF : 7.11.3.1 2048 Bytes 09.02.2011 17:18:48
VBASE004.VDF : 7.11.3.2 2048 Bytes 09.02.2011 17:18:48
VBASE005.VDF : 7.11.3.3 2048 Bytes 09.02.2011 17:18:48
VBASE006.VDF : 7.11.3.4 2048 Bytes 09.02.2011 17:18:48
VBASE007.VDF : 7.11.3.5 2048 Bytes 09.02.2011 17:18:48
VBASE008.VDF : 7.11.3.6 2048 Bytes 09.02.2011 17:18:48
VBASE009.VDF : 7.11.3.7 2048 Bytes 09.02.2011 17:18:48
VBASE010.VDF : 7.11.3.8 2048 Bytes 09.02.2011 17:18:48
VBASE011.VDF : 7.11.3.9 2048 Bytes 09.02.2011 17:18:48
VBASE012.VDF : 7.11.3.10 2048 Bytes 09.02.2011 17:18:48
VBASE013.VDF : 7.11.3.59 157184 Bytes 14.02.2011 17:18:48
VBASE014.VDF : 7.11.3.97 120320 Bytes 16.02.2011 17:18:48
VBASE015.VDF : 7.11.3.148 128000 Bytes 19.02.2011 17:18:48
VBASE016.VDF : 7.11.3.183 140288 Bytes 22.02.2011 17:18:48
VBASE017.VDF : 7.11.3.216 124416 Bytes 24.02.2011 17:18:49
VBASE018.VDF : 7.11.3.217 2048 Bytes 24.02.2011 17:18:49
VBASE019.VDF : 7.11.3.218 2048 Bytes 24.02.2011 17:18:49
VBASE020.VDF : 7.11.3.219 2048 Bytes 24.02.2011 17:18:49
VBASE021.VDF : 7.11.3.220 2048 Bytes 24.02.2011 17:18:49
VBASE022.VDF : 7.11.3.221 2048 Bytes 24.02.2011 17:18:49
VBASE023.VDF : 7.11.3.222 2048 Bytes 24.02.2011 17:18:49
VBASE024.VDF : 7.11.3.223 2048 Bytes 24.02.2011 17:18:49
VBASE025.VDF : 7.11.3.224 2048 Bytes 24.02.2011 17:18:49
VBASE026.VDF : 7.11.3.225 2048 Bytes 24.02.2011 17:18:49
VBASE027.VDF : 7.11.3.226 2048 Bytes 24.02.2011 17:18:49
VBASE028.VDF : 7.11.3.227 2048 Bytes 24.02.2011 17:18:49
VBASE029.VDF : 7.11.3.228 2048 Bytes 24.02.2011 17:18:49
VBASE030.VDF : 7.11.3.229 2048 Bytes 24.02.2011 17:18:49
VBASE031.VDF : 7.11.3.240 62976 Bytes 25.02.2011 17:18:49
Engineversion : 8.2.4.176
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:22:51
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 26.02.2011 17:18:51
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.1.3.2 254324 Bytes 10.01.2011 13:22:49
AERDL.DLL : 8.1.9.2 635252 Bytes 10.01.2011 13:22:49
AEPACK.DLL : 8.2.4.10 520567 Bytes 26.02.2011 17:18:51
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 26.02.2011 17:18:50
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 26.02.2011 17:18:50
AEHELP.DLL : 8.1.16.1 246134 Bytes 26.02.2011 17:18:49
AEGEN.DLL : 8.1.5.2 397683 Bytes 26.02.2011 17:18:49
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.19.2 196983 Bytes 26.02.2011 17:18:49
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 10.01.2011 13:22:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 10.01.2011 13:22:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10.01.2011 13:22:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 10.01.2011 13:22:51
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10.01.2011 13:22:54
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 10.01.2011 13:23:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Q:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 10
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 27. Februar 2011 14:50

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\program files\acer\acer epower management\setapm.exe
c:\program files\acer\acer epower management\setapm.exe
[HINWEIS] Der Prozess ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wlcomm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OfficeVirt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'Q:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '360' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part
[WARNUNG] Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Sonntag, 27. Februar 2011 15:38
Benötigte Zeit: 48:23 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

20259 Verzeichnisse wurden überprüft
361021 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
361021 Dateien ohne Befall
5309 Archive wurden durchsucht
1 Warnungen
0 Hinweise
82634 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

markusg 27.02.2011 16:09
sieht gut aus :-)
meldungen des guard gabs nicht mehr nehme ich an?
meldung mit dem profil ist auch geschichte?

xlexusx 27.02.2011 17:01
es gibt kein Meldung mehr ja danke schön.

meldung mit deem profil kommt auch nicht mehr alles super !


Trojaner Board 1a Super



http://www.pfiffige-geschenkideen.de...4Y_eigen_3.png

cosinus 28.02.2011 16:53
Zitat:
C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part
kurz einmisch:Was ist eigentlich das?

xlexusx 01.03.2011 22:58
Ops das ist eigentlich Müll,

Gehört ins Papierkorb danke für hinweis ich lösch es mal.


Ein Programm, wo man ein Steuererklärung elektronisch erstellt waruM ?

xlexusx 01.03.2011 23:24
Zitat:
Zitat von xlexusx (Beitrag 624761)
Download Java SE Runtime Environment 6u24 for Windows x64, Multi-language

Download Information and Files

diese Java hab ich runtergeladen das müsste die richtige sein oder ?

diese kleine spiele von obera sind mit auf acer draufinstalliert und so gekommen so ein Müll braucht wirklich kein mensch.

Öhm du hast ja das geschrieben
Spybot kann man getrost drauf verzichten, nur 1x updates pro woche, ist nicht nützlich
TeamSpeak
Windows Live
beide.
bereinige jetzt mit dem ccleaner.
Also Spybot deinstallieren gelle ? Teamspeak genauso und windows live

aber windows live brauchen wir ja das ist das Msn.



Hey markusg,


Ich habe gemerkt das ich bei einige seiten das Java brauche :(

weiß nicht wieso ich es deinstallieren sollte und ein anderes installieren aufjedenfall mit diese version was du mir angeboten hast kan ich nicht auf alle seiten das Java Verwenden.

markusg 02.03.2011 11:46
das ist das selbe java was du vorher auch hattest. wenn du java (jre) instaliert hast.
ist nur ein update.
welches problem gibts

xlexusx 02.03.2011 22:51
Zitat:
Zitat von markusg (Beitrag 626051)
das ist das selbe java was du vorher auch hattest. wenn du java (jre) instaliert hast.
ist nur ein update.
welches problem gibts

Ähm Benutzte zu zeit neulich ein Programm wo ich Elektronisch Steuersparerklärung erstelle.

Da wen ich auf einige infos draufklicke steht
"Die von Ihnen aufgerufene Aktion kann nicht ausgeführt werden, weil in Ihrem Browser nicht die benötigte Java-Version installiert ist. Bitte installieren Sie sich die Java Runtime Umgebung JRE 1.6.0_10 oder höher und versuchen Sie es erneut.

Die benötigte Software kann hier beim Hersteller herunter geladen werden.

weiter"


Dieses meldung kommt und auf ein Chattseite das Kan ich nicht öffnen sagt mir genauso mit java

Der Unterschied zwischen mein allten und diesen java ist ?

cosinus 02.03.2011 22:54
Zitat:
Ähm Benutzte zu zeit neulich ein Programm wo ich Elektronisch Steuersparerklärung erstelle.
Nicht rein zufällig das, was du aus einer dubiosen Quelle hast? :pfeiff:

Zitat:
C:\Users\eren\Downloads\Steuer.Spar.Erklaerung.2011.German-RESTORE.7z.001.part

xlexusx 03.03.2011 08:35
*hust*

Das ist eigentlich müll weil ich dieses nicht benutzt habe ein anderes daswegen.

was machen wir den eigentlich mit Java :)

markusg 03.03.2011 11:21
woher hast du deine steuererklärungs software?

xlexusx 03.03.2011 12:29
Zitat:
Zitat von markusg (Beitrag 626369)
woher hast du deine steuererklärungs software?

Willst du mein frage nicht beantworten ?

cosinus 03.03.2011 12:32
Zitat:
Zitat von xlexusx (Beitrag 626399)
Willst du mein frage nicht beantworten ?
Warum weichst du unseren Fragen aus oder ist das Absicht, um davon abzulenken, dass man illegal Software nutzt? :rolleyes:

Du hast ein Problem mit der Steuersoftware und die erste Frage, die sich stellt, ist die Quelle, aus der du es hast. Und ganz offensichtlich stammt es aus irgendeiner Untergrundseite oder aus einer Tauschbörse. :balla:

markusg 03.03.2011 12:36
eigendlich wolltest du doch eben meine frage nicht beantworten.
aber diese reaktionen seit dieses thema angesprochen wurde sprechen bände.
illegal erworbene software wird hier nicht unterstützt und wenn mir das früher aufgefallen währe, wäre der suport schon wesendlich früher zu ende gewesen.
danke übrigens @cosinus für diesen hinweis.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:59 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131