Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor:Win32/IRCbot.gen!K


  • This topic is locked This topic is locked
45 replies to this topic

#1 kolibri

kolibri

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 18 October 2011 - 01:49 PM

Hi everyone,
I think i got infected by Win32/IRCbot.gen!K yesterday after clicking on a link a friend sent to me via facebook. Shortly afterwards, Windows Defender started to alert me about this malware. I removed it, but after rebooting the system, it was still there i.e. the alert popped up again. I performed an AntiVir check, but it didnt find anything. I will post the exact notification as soon as i get it again.

Now my questions: is it still save to use my laptop while the malware is on it? Can I do stuff online, or at least offline? And of course, how can i remove Win32/IRCbot.gen!K?
I dont know very much about this kind of things, so the other topics on the same malware didnt really help me, sorry...
Thank you very much for any help!


I am using windows vista, it's an Acer Aspire netbook. Internet Explorer: Mozilla Firefox 7.0.1
I dont have an extra firewall, just the Windows defender and Avira Free Antivirus. Do you need to know anything else?


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by Mona at 18:23:20 on 2011-10-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1259 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Windows\system32\hasplms.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PDF24\pdf24.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Users\Mona\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Mona\AppData\Local\Temp\tmp39.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mona\Network\wmpctv32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://de.intl.acer.yahoo.com
mStart Page = hxxp://de.intl.acer.yahoo.com
mDefault_Page_URL = hxxp://de.intl.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86

\ActiveToolBand.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll
BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program

files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86

\eDStoolbar.dll
TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program

files\ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Windows Network Config] c:\users\mona\network\wmpctv32.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eRecoveryService]
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
StartupFolder: c:\users\mona\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program

files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering

technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device

manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-

43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12

\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11

\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2D14E2D8-1BDB-4F2C-8E0C-BDBE7527B509} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mona\appdata\roaming\mozilla\firefox\profiles\1qlu9z70.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-17 36000]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play

movie\000.fcl [2008-7-15 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-25 51200]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-17 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-17 110032]
R2 AntiVirWebService;Avira Browser Schutz;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-17 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-17 74640]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-

21 21504]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 MTBService;MTB Server;c:\program files\carl zeiss\mtb 2004\mtb server console\MTBService.exe [2009-10-23 20480]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-25 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-25 179712]
.
=============== Created Last 30 ================
.
2011-10-18 09:59:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{24617f47-7a21-

4936-8f8a-2b5b0a0904a4}\offreg.dll
2011-10-18 09:47:46 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{24617f47-7a21-

4936-8f8a-2b5b0a0904a4}\mpengine.dll
2011-10-17 14:46:01 -------- d-----w- c:\users\mona\appdata\roaming\Avira
2011-10-17 14:45:11 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-17 14:45:11 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-17 14:44:57 -------- d-----w- c:\programdata\Avira
2011-10-17 14:44:57 -------- d-----w- c:\program files\Avira
2011-10-17 12:05:30 -------- d-sh--w- c:\users\mona\Network
.
==================== Find3M ====================
.
2011-10-04 12:45:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 23:06:24 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07:25 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-29 16:01:34 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-29 16:01:33 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-29 16:00:14 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-07-29 16:00:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
============= FINISH: 18:29:03.05 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 18 October 2011 - 01:57 PM

Two more questions: I performed a backup of my data on an external harddrive - could the malware now be on the harddrive, too?

Is it safe to upload data into a mail program (for example) from the infected computer?
Thanks!

#3 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 22 October 2011 - 03:07 AM

Hi there,
still waiting for someone to help me, especially i have not been using my laptop at all ever since i posted my logs (i am now using another computer)...so i suppose nothing much has changed since then!! But i'd really need my laptop for working! Please help me!

In the meantime, facebook has send me a message and offer me to download McAfee security software. Do you think it is worth a try running McAfee? here's the message:


Dear xy,

We have detected that your Facebook account is infected with a form of malware, or virus, called Koobface. You downloaded the virus after receiving a message from a friend, which invited you to view a video.

To restore your account, please log into Facebook and follow the instructions you see there. You can also learn more in our Help Center at:
http://www.facebook.com/help/?topic=koobface

Thanks,
Facebook Security Team

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 AM

Posted 22 October 2011 - 02:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 23 October 2011 - 04:09 AM

OTL logfile created on: 23/10/2011 10:54:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 59.34% Memory free
6.19 Gb Paging File | 4.75 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 43.02 Gb Free Space | 29.92% Space Free | Partition Type: NTFS
Drive D: | 140.29 Gb Total Space | 127.57 Gb Free Space | 90.93% Space Free | Partition Type: NTFS

Computer Name: MONA-PC | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 10:52:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mona\Desktop\OTL.exe
PRC - [2011/10/23 10:34:31 | 000,199,168 | ---- | M] () -- C:\Users\Mona\AppData\Local\Temp\tmp63.exe
PRC - [2011/10/16 23:01:28 | 000,141,824 | -HS- | M] () -- C:\Users\Mona\Network\wmpctv32.exe
PRC - [2011/10/11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/05 10:22:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011/09/07 12:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011/06/25 12:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/23 07:27:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/08/22 17:25:35 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Mona\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008/03/24 19:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/02/25 10:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/02/25 10:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/24 04:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/24 04:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008/01/21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2008/01/09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/02 15:17:28 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/11/22 10:01:00 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007/10/10 07:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 12:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/23 10:34:31 | 000,199,168 | ---- | M] () -- C:\Users\Mona\AppData\Local\Temp\tmp63.exe
MOD - [2011/10/16 23:01:28 | 000,141,824 | -HS- | M] () -- C:\Users\Mona\Network\wmpctv32.exe
MOD - [2011/10/05 10:22:00 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011/07/08 13:53:06 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/04 13:53:15 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 12:53:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/25 20:34:21 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009/03/30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/30 06:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/03/30 06:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009/03/30 06:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/03/30 06:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009/03/30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/03/30 06:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008/01/09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 03:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/20 14:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/12/20 12:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/12/19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/10/23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2007/10/10 07:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007/09/20 15:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/09/11 10:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007/02/13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/22 10:00:17 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/23 07:27:26 | 000,020,480 | ---- | M] (Carl Zeiss) [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe -- (MTBService)
SRV - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/02/25 10:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/11/22 10:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/09 14:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/01/16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/03/11 04:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/24 04:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008/01/24 04:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/04 17:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007/10/31 04:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Mozilla\Firefox\components [2009/11/05 13:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Mozilla\Firefox\plugins [2010/12/07 12:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 10:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 13:35:50 | 000,000,000 | ---D | M]

[2008/09/14 14:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mona\AppData\Roaming\mozilla\Extensions
[2011/08/02 10:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions
[2010/04/27 17:12:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/02 10:05:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/17 20:26:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\moveplayer@movenetworks.com
[2011/09/24 12:13:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\toolbar@ask.com
[2010/04/30 11:36:22 | 000,002,354 | ---- | M] () -- C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\1qlu9z70.default\searchplugins\ecosia.xml
[2011/07/25 13:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/08/28 11:16:28 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/10 16:33:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/23 01:43:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/25 13:28:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/05 10:22:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2006/07/31 17:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/10/05 10:21:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/05 10:21:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/05 10:21:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/05 10:21:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/05 10:21:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/05 10:21:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL File not found
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000..\Run: [Windows Network Config] C:\Users\Mona\Network\wmpctv32.exe ()
O4 - Startup: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D14E2D8-1BDB-4F2C-8E0C-BDBE7527B509}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mona\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mona\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{70edfcfa-36a6-11df-9c41-dc2f9126d066}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{70edfcfa-36a6-11df-9c41-dc2f9126d066}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{70edfcfa-36a6-11df-9c41-dc2f9126d066}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{b12c3ae3-8db7-11e0-a8ac-e8e5917a6e78}\Shell - "" = AutoRun
O33 - MountPoints2\{b12c3ae3-8db7-11e0-a8ac-e8e5917a6e78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b12c3af7-8db7-11e0-a8ac-e8e5917a6e78}\Shell - "" = AutoRun
O33 - MountPoints2\{b12c3af7-8db7-11e0-a8ac-e8e5917a6e78}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETAUDIO.EXE - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETRES.EXE - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 10:52:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mona\Desktop\OTL.exe
[2011/10/18 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\Mona\Desktop\gmer
[2011/10/17 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Mona\AppData\Roaming\Avira
[2011/10/17 16:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/10/17 16:45:11 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/10/17 16:45:11 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/10/17 16:45:11 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011/10/17 16:45:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/10/17 16:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/10/17 16:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/17 14:05:30 | 000,000,000 | -HSD | C] -- C:\Users\Mona\Network
[2011/10/14 13:34:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/14 13:34:37 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/14 13:34:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/14 13:34:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/14 13:34:36 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/14 13:34:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/14 13:34:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/14 13:34:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/14 13:34:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/14 13:34:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/14 13:34:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/14 13:34:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/14 13:34:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/14 13:34:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/14 13:34:30 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/14 13:34:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/14 13:34:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/14 13:34:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/14 13:34:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/14 13:34:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/14 13:34:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/14 13:34:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/14 13:34:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/14 13:34:02 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/14 13:34:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/05 18:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2008/07/15 20:48:26 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2011/10/23 10:52:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mona\Desktop\OTL.exe
[2011/10/23 10:31:34 | 000,139,952 | ---- | M] () -- C:\Users\Mona\AppData\Roaming\nvModes.001
[2011/10/23 10:30:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 10:30:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 10:30:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 10:30:15 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 18:33:10 | 000,294,216 | ---- | M] () -- C:\Users\Mona\Desktop\gmer.zip
[2011/10/18 18:21:36 | 000,000,000 | ---- | M] () -- C:\Users\Mona\defogger_reenable
[2011/10/18 11:58:28 | 000,296,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/18 11:42:44 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/10/17 16:45:34 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/17 14:09:00 | 000,130,048 | ---- | M] () -- C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/10/11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011/10/10 16:47:28 | 000,033,388 | ---- | M] () -- C:\Users\Mona\Desktop\IZN_Labrotation_Oct2011.pdf
[2011/10/10 16:25:04 | 000,002,735 | ---- | M] () -- C:\Users\Mona\Desktop\Microsoft Office Outlook 2003.lnk
[2011/10/07 18:33:59 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/07 18:33:59 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/07 18:33:59 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/10/07 18:33:59 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/05 18:14:38 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011/10/04 14:45:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/01 01:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/01 01:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/01 01:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/01 01:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/01 01:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/30 23:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2011/10/18 18:33:04 | 000,294,216 | ---- | C] () -- C:\Users\Mona\Desktop\gmer.zip
[2011/10/18 18:21:36 | 000,000,000 | ---- | C] () -- C:\Users\Mona\defogger_reenable
[2011/10/18 11:42:44 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/17 16:45:34 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/10 16:47:28 | 000,033,388 | ---- | C] () -- C:\Users\Mona\Desktop\IZN_Labrotation_Oct2011.pdf
[2011/10/05 18:14:38 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011/04/06 10:58:58 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2010/09/08 16:39:18 | 000,000,680 | ---- | C] () -- C:\Users\Mona\AppData\Local\d3d9caps.dat
[2010/09/08 15:31:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/17 15:29:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 15:29:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/12/30 19:00:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/14 15:32:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/08/23 17:22:27 | 000,000,224 | ---- | C] () -- C:\Users\Mona\AppData\Roaming\wklnhst.dat
[2008/08/22 18:01:25 | 000,139,952 | ---- | C] () -- C:\Users\Mona\AppData\Roaming\nvModes.001
[2008/08/22 17:54:04 | 000,139,952 | ---- | C] () -- C:\Users\Mona\AppData\Roaming\nvModes.dat
[2008/08/22 17:40:52 | 000,130,048 | ---- | C] () -- C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/16 05:24:24 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/07/16 05:23:57 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/07/15 20:48:26 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/07/15 20:47:20 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/15 20:47:20 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/15 20:47:20 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/15 20:31:32 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/15 20:31:31 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/03/26 01:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/25 22:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/03/25 16:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/25 16:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/01/21 09:15:58 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 09:15:58 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,296,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >



OTL Extras logfile created on: 23/10/2011 10:54:03 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 59.34% Memory free
6.19 Gb Paging File | 4.75 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 43.02 Gb Free Space | 29.92% Space Free | Partition Type: NTFS
Drive D: | 140.29 Gb Total Space | 127.57 Gb Free Space | 90.93% Space Free | Partition Type: NTFS

Computer Name: MONA-PC | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C67D0EB-D331-4DE0-A35C-D4E1F85C2F99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20B2D9E1-90D5-45CC-BF2D-02E161E8918F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{212C11D9-74F6-4574-B5A7-FDB11B1CDE92}" = protocol=6 | dir=in | app=c:\users\mona\appdata\roaming\dropbox\bin\dropbox.exe |
"{39D9E749-A3EB-4509-B89E-E79CB161C0B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{54D075EB-D9B8-4E91-BB3E-75BD0EFF8A1F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{57B15628-A2F6-46CE-822D-F43FC740B13B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8B645574-8037-49B8-8AA7-A3ECFD5AAE1A}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{A8B7863B-2D49-4F7F-8C99-B1D8F57C0BF0}" = protocol=17 | dir=in | app=c:\users\mona\appdata\roaming\dropbox\bin\dropbox.exe |
"{A8ED914C-FAA5-4F93-A60A-F5612FE7DA48}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{BF63087B-F5F3-4F2A-B16B-4635BD9A83C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D1CCB08A-2D6E-4A5B-9E42-4944692B3176}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{E5CFF09C-7910-4588-93E0-FB73B1DE7BBF}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{FDA65CEF-9200-4DFD-ADB3-1F3BB2F300C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{4229BF3C-C7D8-497D-8D5B-9D4BAF3F1776}C:\program files\geneious\geneious.exe" = protocol=6 | dir=in | app=c:\program files\geneious\geneious.exe |
"TCP Query User{8AEC5BDB-EBE5-40FB-B691-C6EA898B11A3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{950A7855-F6C7-4C01-9FF6-3F1007467E3C}C:\users\mona\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mona\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BEDF22BF-E43D-4D4A-995F-9502909D7D92}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E232DD17-A571-4F27-A112-8DA1D8AB7C9D}C:\program files\geneious\geneious.exe" = protocol=6 | dir=in | app=c:\program files\geneious\geneious.exe |
"TCP Query User{FCE0C486-B7DA-449D-8A18-61F82B06EEE4}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{4BCAFF75-0D85-4DE1-9328-5320AC15EC3D}C:\program files\geneious\geneious.exe" = protocol=17 | dir=in | app=c:\program files\geneious\geneious.exe |
"UDP Query User{B0B2D595-55A8-4CB6-98A8-8A3B4C2FC0BC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{DE94C1E2-F485-42F5-BD72-2A7FA446EF6C}C:\users\mona\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mona\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E22DD5AD-432F-4428-98DD-05093E6BD50E}C:\program files\geneious\geneious.exe" = protocol=17 | dir=in | app=c:\program files\geneious\geneious.exe |
"UDP Query User{F2A98BA7-BA22-482C-9053-C368606264ED}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{FB1E6AB0-3EDF-4D43-AF31-0DFC19C4581E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77716CC1-63C7-47CA-836A-8E6369155130}" = Carl Zeiss AxioVision Rel. 4.8.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"4435-7533-6274-7601" = Geneious 5.3.6
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Chromas" = Chromas
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImageJ_is1" = ImageJ 1.42q
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.2
"WinRAR archiver" = WinRAR archiver
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/01/2011 07:07:11 | Computer Name = Mona-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ACDaemon.exe, Version 1.1.0.47, Zeitstempel
0x4ba19738, fehlerhaftes Modul ACDaemon.exe, Version 1.1.0.47, Zeitstempel 0x4ba19738,
Ausnahmecode 0xc0000005, Fehleroffset 0x0001af86, Prozess-ID 0xa58, Anwendungsstartzeit
01cbad91dccc8728.

Error - 06/01/2011 09:22:44 | Computer Name = Mona-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18999, Zeitstempel
0x4ccf92fb, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00770077, Prozess-ID 0x1148, Anwendungsstartzeit
01cbad9330dbb040.

Error - 08/01/2011 04:55:37 | Computer Name = Mona-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/01/2011 04:55:50 | Computer Name = Mona-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ACDaemon.exe, Version 1.1.0.47, Zeitstempel
0x4ba19738, fehlerhaftes Modul ACDaemon.exe, Version 1.1.0.47, Zeitstempel 0x4ba19738,
Ausnahmecode 0xc0000005, Fehleroffset 0x0001af86, Prozess-ID 0xe0c, Anwendungsstartzeit
01cbaf11d862311f.

Error - 08/01/2011 04:55:52 | Computer Name = Mona-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08/01/2011 04:55:52 | Computer Name = Mona-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 08/01/2011 12:56:33 | Computer Name = Mona-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08/01/2011 12:56:33 | Computer Name = Mona-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/01/2011 05:18:49 | Computer Name = Mona-PC | Source = Avira AntiVir | ID = 4118
Description =

Error - 11/01/2011 05:28:30 | Computer Name = Mona-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OUTLOOK.EXE, Version 11.0.8326.0, Zeitstempel
0x4c1c2372, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
Ausnahmecode 0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0x170c, Anwendungsstartzeit
01cbb11621675c90.

[ System Events ]
Error - 17/10/2011 10:48:37 | Computer Name = Mona-PC | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt. Weitere Informationen
finden Sie hier: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!K&threatid=133044

Scan-ID:
{CB01BB8C-C9AB-48AE-A5AF-BC99C19B51F1} Benutzer: Mona-PC\Mona Name: Backdoor:Win32/IRCbot.gen!K

ID:
133044 Schweregrad-ID: 5 Kategorie-ID: 6 Pfad: Warnungsart: %%805 Aktion: %%812 Fehlercode:
0x80508024 Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
zu Scanoptionen finden Sie unter "Hilfe und Support".

Error - 18/10/2011 05:59:10 | Computer Name = Mona-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/10/2011 06:03:11 | Computer Name = Mona-PC | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt. Weitere Informationen
finden Sie hier: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!K&threatid=133044

Scan-ID:
{AFF0912D-4A05-4C1B-9A42-0A981303125D} Benutzer: Mona-PC\Mona Name: Backdoor:Win32/IRCbot.gen!K

ID:
133044 Schweregrad-ID: 5 Kategorie-ID: 6 Pfad: Warnungsart: %%805 Aktion: %%812 Fehlercode:
0x80508024 Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
zu Scanoptionen finden Sie unter "Hilfe und Support".

Error - 18/10/2011 06:25:44 | Computer Name = Mona-PC | Source = WinDefend | ID = 1008
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde von %%827 ein Fehler festgestellt. Weitere Informationen finden Sie hier: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!K&threatid=133044

Überprüfungs-ID:
{C71C5329-770E-478D-8056-E83FA9015DBD} Überprüfungstyp: %%802 Benutzer: Mona-PC\Mona

Name:
Backdoor:Win32/IRCbot.gen!K ID: 133044 Schweregrad-ID: 5 Kategorie-ID: 6 Pfad: Aktion:
%%812 Fehlercode: 0x80508024 Fehlerbeschreibung: Zum Abschluss der Entfernung von
Spyware und anderer unerwünschter Software müssen Sie einen vollständige Überprüfung
ausführen. Informationen zu Scanoptionen finden Sie unter "Hilfe und Support".

Error - 18/10/2011 06:26:20 | Computer Name = Mona-PC | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt. Weitere Informationen
finden Sie hier: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!K&threatid=133044

Scan-ID:
{C4A44E2E-8CBD-462F-88AD-B6998A2A7582} Benutzer: Mona-PC\Mona Name: Backdoor:Win32/IRCbot.gen!K

ID:
133044 Schweregrad-ID: 5 Kategorie-ID: 6 Pfad: Warnungsart: %%805 Aktion: %%812 Fehlercode:
0x80508024 Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
zu Scanoptionen finden Sie unter "Hilfe und Support".

Error - 18/10/2011 15:03:25 | Computer Name = Mona-PC | Source = DCOM | ID = 10010
Description =

Error - 19/10/2011 01:42:35 | Computer Name = Mona-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/10/2011 01:48:17 | Computer Name = Mona-PC | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt. Weitere Informationen
finden Sie hier: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!K&threatid=133044

Scan-ID:
{D3CBA58D-76B0-4823-88BC-F19C630F672F} Benutzer: Mona-PC\Mona Name: Backdoor:Win32/IRCbot.gen!K

ID:
133044 Schweregrad-ID: 5 Kategorie-ID: 6 Pfad: Warnungsart: %%805 Aktion: %%812 Fehlercode:
0x80508024 Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
zu Scanoptionen finden Sie unter "Hilfe und Support".

Error - 23/10/2011 04:30:49 | Computer Name = Mona-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/10/2011 04:33:46 | Computer Name = Mona-PC | Source = WinDefend | ID = 3006
Description = Bei den Maßnahmen gegen Spyware und möglicherweise unerwünschte Software
wurde vom %%827-Echtzeitschutz-Agent ein Fehler festgestellt. Weitere Informationen
finden Sie hier: http://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/IRCbot.gen!K&threatid=133044

Scan-ID:
{A2C2AA97-F7A5-4032-AAEB-9BA7DF6C42E8} Benutzer: Mona-PC\Mona Name: Backdoor:Win32/IRCbot.gen!K

ID:
133044 Schweregrad-ID: 5 Kategorie-ID: 6 Pfad: Warnungsart: %%805 Aktion: %%812 Fehlercode:
0x80508024 Fehlerbeschreibung: Zum Abschluss der Entfernung von Spyware und anderer
unerwünschter Software müssen Sie einen vollständige Überprüfung ausführen. Informationen
zu Scanoptionen finden Sie unter "Hilfe und Support".


< End of report >

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 AM

Posted 24 October 2011 - 10:59 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 25 October 2011 - 05:56 AM

Hi Myrti,

when I wanted to run ComboFix (after downloading it from link1), a popup told me that it was an old version and not valid any more, and that i could run it in a limited version.
What should I do?

And do i have to be connected to the internet to run combo fix?

Thanks!!!

Edited by kolibri, 25 October 2011 - 05:57 AM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 AM

Posted 25 October 2011 - 01:37 PM

Hi,

please try the second link, it gets updated more frequently.

Connection to the internet is not necessary while ComboFix is running (only in the beginning, so that it can, for example, download a newer version of itself)
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 25 October 2011 - 02:29 PM

Hi Myrti,
the second link worked fine, so here's the log:

ComboFix 11-10-25.04 - Mona 25/10/2011 21:15:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1662 [GMT 2:00]
ausgeführt von:: c:\users\Mona\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mona\AppData\Roaming\.#
c:\users\Mona\AppData\Roaming\.#\MBX@11E8@282990.###
c:\users\Mona\AppData\Roaming\.#\MBX@11E8@2829C0.###
c:\users\Mona\AppData\Roaming\.#\MBX@11E8@2829F0.###
c:\users\Mona\AppData\Roaming\.#\MBX@155C@1AB2990.###
c:\users\Mona\AppData\Roaming\.#\MBX@155C@1AB29C0.###
c:\users\Mona\AppData\Roaming\.#\MBX@155C@1AB29F0.###
c:\users\Mona\AppData\Roaming\.#\MBX@1770@1D92990.###
c:\users\Mona\AppData\Roaming\.#\MBX@1770@1D929C0.###
c:\users\Mona\AppData\Roaming\.#\MBX@1770@1D929F0.###
c:\users\Mona\AppData\Roaming\.#\MBX@EE0@1742990.###
c:\users\Mona\AppData\Roaming\.#\MBX@EE0@17429C0.###
c:\users\Mona\AppData\Roaming\.#\MBX@EE0@17429F0.###
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-25 bis 2011-10-25 ))))))))))))))))))))))))))))))
.
.
2011-10-25 19:22 . 2011-10-25 19:22 -------- d-----w- c:\users\Mona\AppData\Local\temp
2011-10-25 19:22 . 2011-10-25 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-25 10:45 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D17E428-102D-478D-A974-7407051E32AB}\mpengine.dll
2011-10-17 14:46 . 2011-10-17 14:46 -------- d-----w- c:\users\Mona\AppData\Roaming\Avira
2011-10-17 14:45 . 2011-10-11 13:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-17 14:45 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-17 14:45 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-17 14:44 . 2011-10-17 14:45 -------- d-----w- c:\programdata\Avira
2011-10-17 14:44 . 2011-10-17 14:44 -------- d-----w- c:\program files\Avira
2011-10-17 12:05 . 2011-10-25 10:41 -------- d-sh--w- c:\users\Mona\Network
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 12:45 . 2011-07-25 11:31 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-09-12 21:05 . 2009-09-12 21:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 21:06 . 2009-09-12 21:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 21:06 . 2009-09-12 21:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-12 21:06 . 2009-09-12 21:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 21:06 . 2009-09-12 21:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 21:07 . 2009-09-12 21:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 21:06 . 2009-09-12 21:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 21:06 . 2009-09-12 21:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 11:33 . 2009-08-14 11:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 21:06 . 2009-09-12 21:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-10-05 08:22 . 2011-05-07 17:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-06-25 10:30 1491928 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-06-25 1491928]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-06-25 1491928]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mona\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mona\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mona\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-06-25 884696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-09-07 221256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-25 535336]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2009-12-29 1611152]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2008-10-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ %I
Authentication Packages REG_MULTI_SZ %I
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETAUDIO.EXE]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SETAUDIO.EXE
backup=c:\windows\pss\SETAUDIO.EXE.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETRES.EXE]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SETRES.EXE
backup=c:\windows\pss\SETRES.EXE.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2007-10-10 05:41 1286144 ----a-w- c:\acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-11-22 08:01 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-03-11 02:11 88608 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-01-22 09:14 200704 ------w- c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-24 02:29 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MTBService;MTB Server;c:\program files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe [2009-10-23 20480]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.intl.acer.yahoo.com
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\1qlu9z70.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-ANNO 1602 Königs-Edition - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 21:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-10-25 21:25:52
ComboFix-quarantined-files.txt 2011-10-25 19:25
.
Vor Suchlauf: 15 Verzeichnis(se), 45,927,677,952 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 47,322,890,240 Bytes frei
.
- - End Of File - - 667691BD8D1167DBC73EAE1B9CE7BBD3

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 AM

Posted 25 October 2011 - 02:46 PM

Hi,

can you please hold of shutting the PC off for now. Please run a scan with OTL again and post the log here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 25 October 2011 - 03:02 PM

Sorry, I already put the laptop to sleep before i read your reply...hope that's not too much of a problem? Will post the log in a sec...

#12 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 25 October 2011 - 03:15 PM

Here's the OTL log, didnt give me a extra.txt this time, though...



OTL logfile created on: 25/10/2011 22:07:29 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mona\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 49.58% Memory free
6.19 Gb Paging File | 4.73 Gb Available in Paging File | 76.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.79 Gb Total Space | 44.65 Gb Free Space | 31.05% Space Free | Partition Type: NTFS
Drive D: | 140.29 Gb Total Space | 127.43 Gb Free Space | 90.83% Space Free | Partition Type: NTFS

Computer Name: MONA-PC | User Name: Mona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 10:52:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mona\Desktop\OTL.exe
PRC - [2011/10/11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 14:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/05 10:22:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011/09/07 12:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011/06/25 12:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/23 07:27:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/03/24 19:37:18 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/02/25 10:53:24 | 000,518,656 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/02/25 10:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/24 04:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/24 04:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008/01/09 19:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/02 15:17:28 | 000,707,080 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/11/22 10:01:00 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/10 07:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/05 10:22:00 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011/07/08 13:53:06 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/04 13:53:15 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 12:53:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/03/21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/25 20:34:21 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009/03/30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/30 06:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/03/30 06:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009/03/30 06:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/03/30 06:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009/03/30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/03/30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/03/30 06:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008/01/09 19:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/09 19:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 03:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/20 14:58:00 | 000,679,936 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007/12/20 12:33:26 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007/12/19 19:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/19 19:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/19 19:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/19 19:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/10/10 07:41:08 | 000,106,496 | ---- | M] () -- C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
MOD - [2007/09/20 15:01:12 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2007/09/11 10:59:04 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007/02/13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 14:59:39 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/22 10:00:17 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/23 07:27:26 | 000,020,480 | ---- | M] (Carl Zeiss) [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004\MTB Server Console\MTBService.exe -- (MTBService)
SRV - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008/08/29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/02/25 10:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/27 19:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/11/22 10:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/10/01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 15:41:50 | 000,051,200 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 15:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/09 14:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/01/16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/08/29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/03/11 04:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/24 04:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008/01/24 04:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/04 17:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007/10/31 04:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Mozilla\Firefox\components [2009/11/05 13:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Mozilla\Firefox\plugins [2010/12/07 12:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/05 10:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 13:35:50 | 000,000,000 | ---D | M]

[2008/09/14 14:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mona\AppData\Roaming\mozilla\Extensions
[2011/10/25 21:08:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions
[2010/04/27 17:12:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/25 21:08:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/17 20:26:45 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\moveplayer@movenetworks.com
[2011/09/24 12:13:19 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\Mona\AppData\Roaming\mozilla\Firefox\Profiles\1qlu9z70.default\extensions\toolbar@ask.com
[2010/04/30 11:36:22 | 000,002,354 | ---- | M] () -- C:\Users\Mona\AppData\Roaming\Mozilla\Firefox\Profiles\1qlu9z70.default\searchplugins\ecosia.xml
[2011/07/25 13:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/08/28 11:16:28 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/10 16:33:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/23 01:43:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/07/25 13:28:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/05 10:22:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2006/07/31 17:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2011/10/05 10:21:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/05 10:21:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/05 10:21:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/05 10:21:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/05 10:21:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/05 10:21:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2011/10/25 21:22:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL File not found
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - Startup: C:\Users\Mona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-894674958-1922384625-1032652220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D14E2D8-1BDB-4F2C-8E0C-BDBE7527B509}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mona\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mona\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30 - LSA: Authentication Packages - (%I) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETAUDIO.EXE - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SETRES.EXE - - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: eAudio - hkey= - key= - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 21:25:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/25 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Mona\AppData\Local\temp
[2011/10/25 21:12:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/25 21:12:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/25 21:12:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/25 21:12:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/25 21:09:16 | 004,274,341 | R--- | C] (Swearware) -- C:\Users\Mona\Desktop\ComboFix.exe
[2011/10/25 12:54:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/25 12:54:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/23 10:52:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mona\Desktop\OTL.exe
[2011/10/18 18:34:29 | 000,000,000 | ---D | C] -- C:\Users\Mona\Desktop\gmer
[2011/10/17 16:46:01 | 000,000,000 | ---D | C] -- C:\Users\Mona\AppData\Roaming\Avira
[2011/10/17 16:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/10/17 16:45:11 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/10/17 16:45:11 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/10/17 16:45:11 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011/10/17 16:45:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/10/17 16:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/10/17 16:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/17 14:05:30 | 000,000,000 | -HSD | C] -- C:\Users\Mona\Network
[2011/10/14 13:34:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/14 13:34:37 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/14 13:34:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/14 13:34:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/14 13:34:36 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/14 13:34:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/14 13:34:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/14 13:34:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/14 13:34:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/14 13:34:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/14 13:34:30 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/14 13:34:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/14 13:34:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/14 13:34:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/14 13:34:30 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/14 13:34:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/14 13:34:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/14 13:34:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/14 13:34:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/14 13:34:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/14 13:34:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/14 13:34:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/14 13:34:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/14 13:34:02 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/14 13:34:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/05 18:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2008/07/15 20:48:26 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

========== Files - Modified Within 30 Days ==========

[2011/10/25 22:05:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/25 21:22:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/25 21:10:25 | 004,274,341 | R--- | M] (Swearware) -- C:\Users\Mona\Desktop\ComboFix.exe
[2011/10/25 21:05:48 | 000,139,952 | ---- | M] () -- C:\Users\Mona\AppData\Roaming\nvModes.001
[2011/10/25 21:05:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 21:05:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 21:05:06 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/23 12:22:12 | 000,021,761 | ---- | M] () -- C:\Users\Mona\Desktop\Programm_Alumni-Treffen_RISE_ww_28_September_2011.pdf
[2011/10/23 10:52:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mona\Desktop\OTL.exe
[2011/10/18 18:33:10 | 000,294,216 | ---- | M] () -- C:\Users\Mona\Desktop\gmer.zip
[2011/10/18 18:21:36 | 000,000,000 | ---- | M] () -- C:\Users\Mona\defogger_reenable
[2011/10/18 11:58:28 | 000,296,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/18 11:42:44 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/10/17 16:45:34 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/17 14:09:00 | 000,130,048 | ---- | M] () -- C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 15:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/10/11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011/10/10 16:47:28 | 000,033,388 | ---- | M] () -- C:\Users\Mona\Desktop\IZN_Labrotation_Oct2011.pdf
[2011/10/10 16:25:04 | 000,002,735 | ---- | M] () -- C:\Users\Mona\Desktop\Microsoft Office Outlook 2003.lnk
[2011/10/07 18:33:59 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/07 18:33:59 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/07 18:33:59 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/10/07 18:33:59 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/05 18:14:38 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011/10/04 14:45:47 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/01 01:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/01 01:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/01 01:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/01 01:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/01 01:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/30 23:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2011/10/25 21:12:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/25 21:12:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/25 21:12:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/25 21:12:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/25 21:12:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/23 12:22:12 | 000,021,761 | ---- | C] () -- C:\Users\Mona\Desktop\Programm_Alumni-Treffen_RISE_ww_28_September_2011.pdf
[2011/10/18 18:33:04 | 000,294,216 | ---- | C] () -- C:\Users\Mona\Desktop\gmer.zip
[2011/10/18 18:21:36 | 000,000,000 | ---- | C] () -- C:\Users\Mona\defogger_reenable
[2011/10/18 11:42:44 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/17 16:45:34 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/10/10 16:47:28 | 000,033,388 | ---- | C] () -- C:\Users\Mona\Desktop\IZN_Labrotation_Oct2011.pdf
[2011/10/05 18:14:38 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011/04/06 10:58:58 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2010/09/08 16:39:18 | 000,000,680 | ---- | C] () -- C:\Users\Mona\AppData\Local\d3d9caps.dat
[2010/09/08 15:31:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/17 15:29:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 15:29:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/12/30 19:00:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/14 15:32:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/08/23 17:22:27 | 000,000,224 | ---- | C] () -- C:\Users\Mona\AppData\Roaming\wklnhst.dat
[2008/08/22 18:01:25 | 000,139,952 | ---- | C] () -- C:\Users\Mona\AppData\Roaming\nvModes.001
[2008/08/22 17:54:04 | 000,139,952 | ---- | C] () -- C:\Users\Mona\AppData\Roaming\nvModes.dat
[2008/08/22 17:40:52 | 000,130,048 | ---- | C] () -- C:\Users\Mona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/16 05:24:24 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/07/16 05:23:57 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/07/15 20:48:26 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/07/15 20:47:20 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/07/15 20:47:20 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/07/15 20:47:20 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/07/15 20:31:32 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/07/15 20:31:31 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/03/26 01:32:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/25 22:59:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/03/25 16:21:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/25 16:20:59 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/01/21 09:15:58 | 000,623,280 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 09:15:58 | 000,125,378 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,296,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,591,320 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 AM

Posted 25 October 2011 - 03:26 PM

Hi,

I would like to cross check something that looks of in the ComboFix log:
Open Notepad and copy/paste the code box below into a new text file.
@echo off
swreg query HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa > "%userprofile%\Desktop\regexport.txt"
 "%userprofile%\Desktop\regexport.txt"
  • Save the file as regquery.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.

If the file shouldn't open you will also see a new file called regexport.txt on your Desktop with the same content.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 kolibri

kolibri
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:12 AM

Posted 25 October 2011 - 03:41 PM

Hi myrti,


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0 (0x0)
auditbasedirectories REG_DWORD 0 (0x0)
crashonauditfail REG_DWORD 0 (0x0)
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 1 (0x1)
LmCompatibilityLevel REG_DWORD 3 (0x3)
NoLmHash REG_DWORD 1 (0x1)
Notification Packages REG_MULTI_SZ %I\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ %I\0\0
LsaPid REG_DWORD 752 (0x2f0)
SecureBoot REG_DWORD 1 (0x1)
ProductType REG_DWORD 3 (0x3)
disabledomaincreds REG_DWORD 0 (0x0)
everyoneincludesanonymous REG_DWORD 0 (0x0)
forceguest REG_DWORD 0 (0x0)
restrictanonymous REG_DWORD 0 (0x0)
restrictanonymoussam REG_DWORD 1 (0x1)
enabledcom REG_SZ y

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

Edited by kolibri, 25 October 2011 - 03:46 PM.


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:12 AM

Posted 25 October 2011 - 04:44 PM

Hi,

something seems to be wrong with your settings, please run this reg script to fix it:

  • Please follow steps 1-3 behind this link to backup your registry with ERUNT (use current date while naming the location).
  • Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
  • It should look like this ->Posted Image
  • Doubleclick fix.reg, when a window pops up and ask if this information should be merged, press Yes and ok.

Afterwards please run ComboFix again.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users