TR/Crypt.XPACK.Gen3

Hi there.... I also have a problem with "TR/Crypt.XPACK.Gen3"; my Avira is telling me that I have caught something too. I don't know much about this, but I took the time to read around the forum a bit and realized that this is the right place :) I have already run the Malwarebytes program and the OTL system scan... man, I have a headache :crazy:

Here is the message from Avira:

Die Datei 'C:\Users\Kay\AppData\Local\Temp\jkkheb.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48a8011d.qua' verschoben!

Here are the OTL files:

OTL Extras logfile created on: 11.03.2011 23:45:51 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 109,19 Gb Total Space | 39,69 Gb Free Space | 36,35% Space Free | Partition Type: NTFS Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1283713252-3167488077-3547314567-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr "C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.) "C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption "C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption "C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr "C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0997051B-6242-4D29-8087-5DE5D075D267}" = rport=138 | protocol=17 | dir=out | app=system | "{1F7B12D1-2CEB-4DC2-931D-A3E7F969BF48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{281568E5-2B01-4292-9E90-6ABE1DA3008A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2936B9F2-6421-45C4-A2CC-423CA8420590}" = lport=137 | protocol=17 | dir=in | app=system | "{33772836-517D-4C04-A1D9-81C6D773F48F}" = rport=445 | protocol=6 | dir=out | app=system | "{579C7702-C5DD-4454-A537-1487F4A4AD75}" = rport=139 | protocol=6 | dir=out | app=system | "{674606E0-CF3B-4DFD-A5AC-FA49588B3A37}" = lport=138 | protocol=17 | dir=in | app=system | "{6E27FB57-4D8E-4B6A-BEB8-BAAFA428F0C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7497BCA1-589A-438C-AD93-1726D6CFC71D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7CD0DB40-B06A-427F-9E77-CD0E5A052D3A}" = lport=2869 | protocol=6 | dir=in | app=system | "{7FAA178D-98F8-4910-8B86-8B92368C78DD}" = rport=10243 | protocol=6 | dir=out | app=system | "{80943857-A802-4F43-9A43-CFCF35C9621E}" = lport=139 | protocol=6 | dir=in | app=system | "{828057CE-05FE-42DE-99B1-A96A879BC26A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8E23D99D-25F3-4C45-8D82-F1B60B95CC73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{962676DB-4B5D-4BAF-844F-90C254A79203}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9D75D204-0005-41E5-B9E1-DA18EBC382D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B5601ACB-7977-4DFE-8695-DE1911492995}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C32ECFAE-0DD2-4A0C-A69D-A27DE246CC42}" = lport=10243 | protocol=6 | dir=in | app=system | "{C91111C3-92BD-4F84-B5E6-0544C8692E18}" = lport=2869 | protocol=6 | dir=in | app=system | "{CF8B5008-0900-4406-905B-B5C8BB9F82E6}" = lport=445 | protocol=6 | dir=in | app=system | "{F718E3FC-4D29-438E-B26E-2322440440E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F7E598CD-6538-4EA2-85F9-45D48F7562F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FEDAE504-4D07-42E6-88FB-CE7581B42F99}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04EE51B8-A735-4E6E-9F4D-B139B342B798}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{072723F4-9127-4452-8360-4BFEFF2DFF33}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{116A830A-D020-4D63-B666-D1E564510058}" = protocol=6 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | "{128D4230-8DC2-4758-8D6C-E85215EC84B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{20098CB2-6EC4-4B2E-B1D6-296FE7D83060}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{2AAB555C-9A68-4E69-AEC2-A96E2BB60D0F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3014177A-3449-47A0-BCCF-0D0592514ECF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{34DF5A76-F01E-4F0A-B29D-894DFF8A1A46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37D1BFB5-86B2-4CBB-9919-BFC568051CF8}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3DC450DA-B9FA-4764-B2EA-F55A95223A0E}" = protocol=6 | 
dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3E14BB6E-3682-417F-84BF-E806DB3E1A44}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{3FA88C91-F072-4FBC-B5EC-3B2DBD1FA7AE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3FCB5AE7-09D0-4A8F-9E10-538F1E57BBAD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4146681E-11E0-4177-8212-2D73E4A60A1A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4491238A-3850-4FE0-8AB5-A098B19D43F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48837EC7-9128-417D-8130-D15FF6B97C40}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{56AB5851-47F2-4EAD-9B8B-F92A975109D7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{5708650B-93B2-4EBB-A746-A511646E7818}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5A1B7D1F-95AD-46CD-AF7F-62399525E4CF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5B9F157B-FE41-420C-ACC4-80D0CA7EDAA8}" = dir=in | app=c:\program files\itunes\itunes.exe | "{5DD128C5-72CB-4214-BDAC-4A7569D0CBC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5EAAF6FC-E1A4-4CBD-82F6-E2BEE7ED9B64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5F0D5E1E-CD2C-4FFF-AFFA-9A6E4AE20260}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6F1D632C-C842-4BCC-98DC-7B3BB698DFA1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{82DAD9D6-4EBA-473E-8A68-BE7E19E0ED09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8AC253EF-2477-4127-B1E0-E91FB3B29919}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B63EF71-4AC9-4DC5-87DC-0FE02FC11B43}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | "{8BDD2911-7D6C-4B6E-A0B3-605AA6A12CCA}" = protocol=17 | dir=in | 
app=c:\program files\bonjour\mdnsresponder.exe | "{9C506EF2-2387-43E4-B91C-4D614776CF9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9CBAF7FB-23BD-40E4-BF66-D4A94726DEA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9FCC3E62-7102-4CCA-A40B-A8A6FAC5C9E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A19FFC8F-3498-4565-BB75-7848280F52E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | "{A8A13160-70AE-446D-ACC9-500865B17514}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | "{AA018E60-B4E0-4056-A4CA-C0A2A7D7A8D0}" = protocol=17 | dir=in | app=c:\users\kay\videos\sweetimsetup.exe | "{B2129303-F439-43B7-A898-1DB92BFE13B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{C1537E89-F7BA-48BB-99AD-86A97C178555}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{C308FE1E-F736-4D68-828C-47ADF5D2EC10}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C542A1B6-70ED-4EF4-8FC2-8EC1083083C6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{CC01D276-ABE9-4B32-A963-F2A809A4EBCB}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{CF8DFE59-ED84-4915-B625-A303B7DAFF8C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D2F57522-ABB8-4CCD-92B4-9991D47ED470}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D634A6D0-087F-4BD0-A3C4-151AF8C01FCD}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | "{DBA9BC6D-4637-4393-8DE1-BD9CDA217E72}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{E0DCBF8A-8EE2-4454-949E-B9B8F5A955D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E2319906-F246-4CEE-966E-B00F6046F30C}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{E2C30BB0-AF80-4AF1-A36F-717AB2FAE6E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2D217DF-0F16-4ABC-935D-38611FDF23BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E3217537-631B-4280-80C0-678DBE62A61F}" = protocol=6 | dir=out | app=system | "{FB7D267C-705E-4419-AC69-CAFCA109CFAF}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{4CCBEF83-A1BE-4B0E-AF1D-A77F065F3140}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{ED032D03-25AD-452A-A4FE-CC62129AEA71}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{235E349C-74FB-488D-933A-35311ACEAC81}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{BD7EDC30-EFBA-4D8B-8988-EB8E3E8E07C3}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources 
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = 
Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9509674F-3972-11DE-806D-005056806466}" = Google Earth "{95120000-00B9-0409-0000-0000000FF1CE}" = 
Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = 
Broadcom Gigabit Integrated Controller "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 
4.7
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McDonald's Fairies " = McDonald's Fairies
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVUPlayer" = TVUPlayer 2.4.7.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.03.2011 16:54:45 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =
Error - 11.03.2011 16:54:45 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =
Error - 11.03.2011 16:54:54 | Computer Name = Kay-PC | Source = VSS | ID = 12289
Description =
Error - 11.03.2011 16:57:32 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 16:57:33 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 57908
Error - 11.03.2011 17:42:55 | Computer Name = Kay-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57908
Error - 11.03.2011 18:36:57 | Computer Name = Kay-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.03.2011 09:33:54 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 09:33:59 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.03.2011 09:34:18 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =
Error - 11.03.2011 16:33:12 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 16:33:22 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.03.2011 16:33:39 | Computer Name = Kay-PC | Source = bowser | ID = 8003
Description =
Error - 11.03.2011 16:57:36 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 16:57:37 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.03.2011 18:36:58 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11.03.2011 18:37:01 | Computer Name = Kay-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >
__________

OTL logfile created on: 11.03.2011 23:45:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kay\Videos
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,19 Gb Total Space | 39,69 Gb Free Space | 36,35% Space Free | Partition Type: NTFS
Drive D: | 105,69 Gb Total Space | 39,33 Gb Free Space | 37,21% Space Free | Partition Type: NTFS
Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kay\Videos\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Users\Kay\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - C:\Users\Kay\Videos\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.31 19:14:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.03 22:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.03 22:47:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.05 20:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 20:37:42 | 000,000,000 | ---D | M]

[2009.04.17 13:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions
[2011.03.11 22:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions
[2010.04.27 15:03:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.09 13:51:05 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\l5b0inze.default\extensions\firefox@tvunetworks.com
[2011.03.11 14:51:06 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-1.xml
[2009.08.23 11:07:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-2.xml
[2009.09.14 16:50:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-3.xml
[2009.10.29 21:22:50 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-4.xml
[2010.02.04 09:42:20 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin-5.xml
[2009.08.02 19:04:29 | 000,000,950 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\l5b0inze.default\searchplugins\icqplugin.xml
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.27 23:45:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.03 22:47:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.02.03 22:47:51 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.10.20 14:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.14 08:59:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.05 00:39:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.06.14 15:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.31 21:19:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 05:24:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 12:33:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.05 22:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.10.09 12:30:50 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.09 12:30:50 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.06 19:15:49 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.09 12:30:50 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.09 12:30:50 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.09 12:30:50 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell - "" = AutoRun
O33 - MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell - "" = AutoRun
O33 - MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell - "" = AutoRun
O33 - MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell - "" = AutoRun
O33 - MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell - "" = AutoRun
O33 - MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell - "" = AutoRun
O33 - MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.11 23:11:54 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Malwarebytes
[2011.03.11 23:11:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.11 23:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.11 23:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.11 23:11:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.11 23:11:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.10 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\vlc
[2011.03.10 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.09 14:51:47 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 14:51:47 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 14:51:47 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 14:51:47 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.05 22:05:34 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.03.05 22:04:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.05 22:04:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.05 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.05 21:33:17 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.05 21:33:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.05 21:28:44 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.02.27 13:13:08 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik neu
[2011.02.24 06:32:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.24 06:29:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.24 06:29:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.24 06:29:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.24 06:29:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.24 06:28:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.24 06:28:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.24 06:28:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.24 06:28:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.24 06:28:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.24 06:28:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.24 06:28:41 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.24 06:28:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.24 06:28:41 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.24 06:28:40 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.24 06:28:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.02.18 16:36:58 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.16 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Musik
[2011.02.15 06:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\party
[2009.07.02 09:33:10 | 401,192,504 | ---- | C] (Nero AG) -- C:\Users\Kay\AppData\Roaming\Nero-9.4.13.2b_trial.exe
[2009.04.17 12:57:06 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2009.04.17 12:54:52 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.04.17 12:54:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.03.25 21:59:55 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.11 23:37:22 | 000,084,091 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\nvModes.001
[2011.03.11 23:36:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:36:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.11 23:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.11 23:36:34 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.11 23:34:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.11 23:33:41 | 000,002,631 | ---- | M] () -- C:\Users\Kay\Desktop\Microsoft Office Word 2007.lnk
[2011.03.11 23:11:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.11 22:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000UA.job
[2011.03.11 06:56:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.11 06:56:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.11 06:56:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.11 06:56:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.10 21:01:59 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | M] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.04 18:55:02 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1283713252-3167488077-3547314567-1000Core.job
[2011.02.22 00:41:08 | 000,007,592 | ---- | M] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2011.02.20 18:20:42 | 000,137,216 | ---- | M] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.18 16:36:58 | 004,184,352 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011.02.10 07:20:32 | 000,313,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Kay\Desktop\*.tmp files -> C:\Users\Kay\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.11 23:11:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.10 21:01:59 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.06 17:12:53 | 000,028,672 | ---- | C] () -- C:\Windows\System32\msxml6rd.dll
[2011.03.05 21:34:14 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.02.24 06:28:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.24 06:28:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.24 06:28:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.09.03 18:55:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.12 07:18:42 | 000,185,496 | ---- | C] () -- C:\Windows\hpoins29.dat.temp
[2010.07.12 07:18:42 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat.temp
[2010.07.11 12:15:03 | 000,185,117 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010.07.11 12:15:03 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2009.08.23 10:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.23 10:56:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 00:19:19 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.03 00:19:19 | 000,022,328 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\PnkBstrK.sys
[2009.08.03 00:19:05 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.03 00:19:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.03 00:19:03 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.27 23:28:59 | 000,000,012 | ---- | C] () --
C:\Windows\bthservsdp.dat [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.06.08 15:07:58 | 000,007,592 | ---- | C] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat [2009.06.01 12:13:31 | 000,000,334 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wklnhst.dat [2009.05.22 22:12:12 | 000,031,007 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\UserTile.png [2009.04.23 07:22:20 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat [2009.04.18 09:26:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.17 14:20:57 | 000,137,216 | ---- | C] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.17 14:16:28 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.001 [2009.04.17 14:16:26 | 000,084,091 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\nvModes.dat [2009.04.17 13:43:55 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll [2009.04.17 12:57:06 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2009.04.15 19:56:39 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2009.04.15 19:56:10 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2009.04.15 11:01:25 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009.04.15 11:01:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2008.03.26 00:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2008.03.25 22:00:11 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini [2008.03.25 21:59:55 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.03.25 21:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.03.25 15:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.03.25 15:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- 
C:\Windows\System32\perfh007.dat [2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,313,960 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.06.18 20:42:03 | 000,000,000 | -HSD | M] -- C:\Users\Kay\AppData\Roaming\.# [2009.04.17 14:27:34 | 000,000,000 | ---D | M] -- 
C:\Users\Kay\AppData\Roaming\Acer [2008.03.25 14:54:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Acer GameZone Console [2010.08.31 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Bytemobile [2009.04.21 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\FloodLightGames [2009.05.12 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gaijin Ent [2011.01.29 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Gutscheinmieze [2011.03.10 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\ICQ [2009.04.20 11:54:59 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\iWin [2011.01.29 10:58:16 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Local [2009.10.20 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\OpenOffice.org [2009.06.01 12:14:08 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Template [2009.08.27 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone [2010.08.31 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Vodafone Mobile Connect [2011.03.11 23:34:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 101 bytes -> 
C:\ProgramData\TEMP:8AB6C1D7 < End of report > I hope someone can help me, I have absolutely no idea what all this means :( I guess only experts can tell.. Regards, Kay. Thanks in advance... |
Hi, 1. Please post all logs from Malwarebytes. 2. Please also supply the other OTL log; you only posted the Extras. |
Hi cosinus... I think it's really great that I got an answer so quickly... :daumenhoc Re 1: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6027 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 11.03.2011 23:33:01 mbam-log-2011-03-11 (23-33-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 173068 Laufzeit: 7 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pmllllaudio (Trojan.Agent) -> Value: pmllllaudio -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssromnsys (Trojan.Agent) -> Value: ssromnsys -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Kay\AppData\Local\Temp\jkkheb.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. Re 2: OTL Logfile: Code: OTL logfile created on: 13.03.2011 14:11:32 - Run 2 OTL Logfile: Code: OTL Extras logfile created on: 13.03.2011 14:11:32 - Run 2 I hope you can help me with this....... Regards, Kay |
Quote:
Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! |
Hey Arne... here is the full scan report... Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 6042 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 13.03.2011 17:53:05 mbam-log-2011-03-13 (17-53-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 327169 Laufzeit: 1 Stunde(n), 14 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Question: Does that mean I have no infected objects and everything is fine on my machine? Regards, Kay |
Are there any further Malwarebytes logs? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes. |
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. |
Hi Arne... everything worked as described... Here is the file... All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1f2c44-e8e5-11de-8bc6-fb471398445b}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05a7-92fb-11de-b886-b09e95df4a82}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d0a05ac-92fb-11de-b886-b09e95df4a82}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b8e7367-bb29-11df-bbb8-001e101f63cf}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878e8805-4af7-11de-a086-001b24d1914f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878e8805-4af7-11de-a086-001b24d1914f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878e8805-4af7-11de-a086-001b24d1914f}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd66-b538-11df-bc3f-d1e3a81f888c}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd80-b538-11df-bc3f-d1e3a81f888c}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9102dd90-b538-11df-bc3f-d1e3a81f888c}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949371c7-05cd-11e0-9b72-ce5de7f8a387}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53da-b535-11df-b337-d3afdcb68ad0}\ not found. 
File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53db-b535-11df-b337-be93d59fd303}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e6-b535-11df-b337-be93d59fd303}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0cf53e7-b535-11df-b337-be93d59fd303}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdd18867-f71a-11df-ae4d-001e101f8924}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9755bac-cfbd-11df-941b-001e101f2500}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf529b9f-4150-11de-8649-ff49163a8588}\ not found. File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0f11cac-0ab9-11e0-ba0d-806e6f6e6963}\ not found. File E:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\setup_vmc_lite.exe /checkApplicationPresence not found. C:\Windows\System32\msxml6rd.dll moved successfully. C:\Users\Kay\AppData\Roaming\.# folder moved successfully. ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully. ADS C:\ProgramData\TEMP:8173A019 deleted successfully. ADS C:\ProgramData\TEMP:9F683177 deleted successfully. ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully. ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully. ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully. ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully. ADS C:\ProgramData\TEMP:793F316E deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes User: Journal User: Kay ->Temp folder emptied: 5693458152 bytes ->Java cache emptied: 58219663 bytes ->FireFox cache emptied: 70657779 bytes ->Google Chrome cache emptied: 8331582 bytes ->Apple Safari cache emptied: 3681280 bytes ->Flash cache emptied: 189538 bytes User: Public User: RegBack User: systemprofile User: TxR %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 36184601 bytes RecycleBin emptied: 230069 bytes Total Files Cleaned = 5.599,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03142011_140320 Files\Folders moved on Reboot... Registry entries deleted on Reboot... I hope that is what you meant... Regards, Kay |
Is there anything else to do now??? |
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
http://saved.im/mtm0nzyzmzd5/cofi.jpg
ComboFix may only be run when one of the forum's expert helpers (a "Kompetenzler") has expressly recommended it! |
Hello Cosinus, so the problem has not come back so far... I ran another check and now Avira tells me... "keine Funde" (no detections) hmmm... I think the problem was resolved by the fix with Malwarebytes.... but thank you anyway for your help.. great that it all went so quickly... I can only recommend it :daumenhoc:daumenhoc:daumenhoc:daumenhoc Regards, Kay |
Please run CF!! |
Hey Cosinus.. here is the text from CF: Combofix Logfile: Code: ComboFix 11-03-17.02 - Kay 18.03.2011 14:45:15.1.2 - x86 No idea what you do with it... but I've stopped asking anyway :crazy: Regards, Kay |
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html |
Hmm, I didn't get a file... did I do something wrong? I ran the scan (not found) |
Norman TDSS Cleaner doesn't report anything either... there is nothing listed under my Scan areas... Regards, Kay :confused::confused::confused: |
If nothing was found, that's OK. OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just skip it and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
|
Hey... here is the report from GMER: GMER Logfile: Code: GMER 1.0.15.15530 - hxxp://www.gmer.net |
Here is the OSAM log file: OSAM Logfile: Code: Report of OSAM: Autorun Manager v5.0.11926.0 If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
OMG my head is spinning... :wtf: I hope I'm doing everything right.... Regards, Kay |
MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Acer, Inc. BIOS Manufacturer: Acer System Manufacturer: Acer, inc. System Product Name: Aspire 5920G Logical Drives Mask: 0x0000002c Kernel Drivers (total 170):
\SystemRoot\System32\DRIVERS\srvnet.sys 0x9F79A000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9F7B3000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9F7C8000 \SystemRoot\system32\drivers\mrxdav.sys 0x8F7E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA0C07000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA0C40000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA0C58000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA0C80000 \SystemRoot\System32\DRIVERS\srv.sys 0xA0CE6000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA0CFC000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA0D03000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xA0D07000 \SystemRoot\system32\drivers\peauth.sys 0xA0DE5000 \SystemRoot\system32\DRIVERS\PSDNServ.sys 0xA0DEE000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys 0xA0CCE000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA0CD8000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9F7E9000 \SystemRoot\system32\DRIVERS\xaudio.sys 0xA680A000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 0xA6827000 \SystemRoot\system32\drivers\MSPQM.sys 0xA6829000 \??\C:\Users\Kay\AppData\Local\Temp\kxrdqpow.sys 0x76FD0000 \Windows\System32\ntdll.dll Processes (total 94): 0 System Idle Process 4 System 548 C:\Windows\System32\smss.exe 616 csrss.exe 668 C:\Windows\System32\wininit.exe 676 csrss.exe 712 C:\Windows\System32\services.exe 724 C:\Windows\System32\lsass.exe 732 C:\Windows\System32\lsm.exe 872 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\svchost.exe 1004 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\svchost.exe 1104 C:\Windows\System32\svchost.exe 1124 C:\Windows\System32\svchost.exe 1196 C:\Windows\System32\audiodg.exe 1228 C:\Windows\System32\SLsvc.exe 1252 C:\Windows\System32\svchost.exe 1352 C:\Windows\System32\winlogon.exe 1416 C:\Windows\System32\svchost.exe 1636 C:\Windows\System32\spoolsv.exe 1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1672 C:\Windows\System32\svchost.exe 1872 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1892 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1912 C:\Program Files\Bonjour\mDNSResponder.exe 1932 C:\Windows\System32\svchost.exe 1956 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 1964 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2040 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 2148 C:\Windows\System32\taskeng.exe 2184 C:\Acer\Empowering Technology\eNet\eNet Service.exe 2236 C:\Windows\System32\dwm.exe 2368 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2412 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2456 C:\Acer\Mobility Center\MobilityService.exe 2508 C:\Windows\System32\svchost.exe 2648 C:\Windows\System32\svchost.exe 2668 C:\Windows\System32\PnkBstrA.exe 2684 C:\Windows\System32\svchost.exe 2716 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2744 C:\Program Files\Acer\Acer VCM\RS_Service.exe 2764 C:\Windows\System32\svchost.exe 2816 C:\Windows\System32\svchost.exe 2904 C:\Windows\explorer.exe 2948 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 2976 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 3032 C:\Windows\System32\SearchIndexer.exe 3048 C:\Windows\System32\drivers\XAudio.exe 3056 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 3096 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 3148 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 3304 C:\Program Files\Synaptics\SynTP\SynTPStart.exe 3328 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 3400 C:\Windows\System32\taskeng.exe 3524 WmiPrvSE.exe 3564 unsecapp.exe 3744 C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe 3932 C:\Acer\Empowering Technology\eAudio\eAudio.exe 4008 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 4036 C:\Windows\RtHDVCpl.exe 2284 WmiPrvSE.exe 3320 C:\Windows\System32\rundll32.exe 588 C:\Users\Kay\AppData\Local\temp\RtkBtMnt.exe 492 
C:\Windows\System32\rundll32.exe 432 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe 2520 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 592 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe 2288 C:\Program Files\DivX\DivX Update\DivXUpdate.exe 4064 C:\Program Files\Common Files\Java\Java Update\jusched.exe 2800 C:\Program Files\iTunes\iTunesHelper.exe 556 C:\Windows\ehome\ehtray.exe 3632 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 4048 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 4156 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe 4172 C:\Windows\ehome\ehmsas.exe 4184 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 4268 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe 4328 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 4348 C:\Windows\ehome\ehsched.exe 4496 C:\Windows\System32\wbem\unsecapp.exe 4764 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe 5180 C:\Program Files\iPod\bin\iPodService.exe 5412 C:\Windows\ehome\ehrecvr.exe 4548 C:\Windows\System32\svchost.exe 4560 C:\Program Files\Windows Media Player\wmpnetwk.exe 5252 C:\Program Files\Mozilla Firefox\firefox.exe 3656 C:\Users\Kay\Desktop\osam.exe 5668 C:\Windows\System32\SearchProtocolHost.exe 2640 C:\Windows\System32\SearchFilterHost.exe 428 dllhost.exe 308 dllhost.exe 4980 C:\Users\Kay\Videos\MBRCheck.exe 4340 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9700000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`f5b00000 (NTFS) PhysicalDrive0 Model Number: HitachiHTS542525K9SA00, Rev: BBFOC31P Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs. Remember to update both tools before the scan!! |
hey... here is the full scan report from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6110

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.03.2011 12:38:44
mbam-log-2011-03-20 (12-38-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 333357
Laufzeit: 59 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Regards, Kay |
Hey Cosinus, and here is the log file from SuperAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/20/2011 at 05:39 PM

Application Version : 4.50.1002

Core Rules Database Version : 6635
Trace Rules Database Version: 4447

Scan type : Complete Scan
Total Scan Time : 04:49:29

Memory items scanned : 823
Memory threats detected : 0
Registry items scanned : 11130
Registry threats detected : 0
File items scanned : 281869
File threats detected : 15

Trojan.Agent/Gen-FakeAV
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Adware.Tracking Cookie
s0.2mdn.net [ C:\Users\Kay\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GJB8GV74 ]

Trojan.Agent/Gen-Krpytik
E:\BUNDESWEHR\ARABISCH\ARABICALPHABET\ARALP11.EXE
E:\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\ETIKETT!.EXE
E:\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\FDRUCKER!.EXE
E:\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\FORMULAR!.EXE
E:\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\KALENDER!.EXE
E:\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\POSTER!.EXE
E:\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\VISITEN!.EXE
E:\BUNDESWEHR\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\ETIKETT!.EXE
E:\BUNDESWEHR\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\FDRUCKER!.EXE
E:\BUNDESWEHR\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\FORMULAR!.EXE
E:\BUNDESWEHR\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\KALENDER!.EXE
E:\BUNDESWEHR\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\POSTER!.EXE
E:\BUNDESWEHR\BUNDESWEHR\BUND 1\ANWENDUNGEN\DRUCKER-PROGRAMME\VISITEN!.EXE

Regards, Kay |
The detections in E:\Bundeswehr look like false positives. Can you assess that? Is the folder intentional and/or important? |
Hey Arne... E:\ is my external hard drive... the data isn't important... Question: can I delete the folder? I can't judge whether it's a false positive. PS: what about SuperAntiSpyware.., can I delete the program again? Regards, Kay |
You must surely know what the Bundeswehr folder is... |
those are old folders... I don't need them anymore.... Regards, Kay |
Then delete it... Is the computer OK now, or are there still problems open? |
No, everything's SUPER.... everything worked as described.... thank you, and I hope I'm done now :applaus: :party: Kind regards, Kay :dankeschoen: |
Then we're done! :abklatsch: Finally, please check the updates; my guide for that is below. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

Please also take the opportunity to check that Flash Player is up to date; here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it. |
Copyright ©2000-2025, Trojaner-Board