Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GUV / Ukash Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.08.2012, 20:58   #1
dropkick01
 
GUV / Ukash Trojaner - Böse

GUV / Ukash Trojaner



Hallo,

mich hat es heute auch erwischt. Sobald ich Verbindung zum Internet habe, blockt der infizierte Rechner auf das GUV Fenster (Ausschnitt siehe Anhang), dass mich zur Zahlung von 100 € auffordert.

Was kann ich tun? Danke schon mal für die Hilfe!

OTL.txt

Code:

Code:
ATTFilter
OTL logfile created on: 31.08.2012 21:29:35 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,51% Memory free
4,22 Gb Paging File | 2,93 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 7,98 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 38,52 Gb Free Space | 55,41% Space Free | Partition Type: NTFS
Drive E: | 661,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 699,00 Gb Free Space | 75,04% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - c:\Programme\Winamp Toolbar\winamptbServer.exe (AOL Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Users\Dan\AppData\Local\Temp\CmdLineExt02.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\eAudioUI.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Windows\System32\BatchCrypto.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc ()
 
 
========== Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (comHost) -- C:\Programme\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- C:\Programme\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (bewsxkwh) -- C:\Windows\system32\drivers\bewsxkwh.sys File not found
DRV - (uigxrdr) -- C:\Windows\System32\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080122.056\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080122.056\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSvix86.sys (Symantec Corporation)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2903601
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110411201655022&tb_oid=11-04-2011&tb_mrud=11-04-2011
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{17209201-F510-41F8-AF19-0D36BA2E7345}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1e6d885e00000000000000197ed34dac&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2903601
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110411201655022&tb_oid=11-04-2011&tb_mrud=11-04-2011
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions [2011.06.07 21:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.05 18:10:49 | 000,000,000 | ---D | M]
 
[2009.12.24 20:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\mozilla\Firefox\extensions
[2009.12.24 20:29:17 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Dan\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.04.10 14:03:00 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.11.20 18:34:50 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://start.facemoods.com/?a=gppc
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://start.facemoods.com/?a=gppc
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\0439\toolbaru.dll (IE Toolbar)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\101101046\ICQToolBar.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\101101046\ICQToolBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LWBMOUSE] C:\Programme\Tech\Wheel Mouse\5.0\Mouse32A.exe ()
O4 - HKLM..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent File not found
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{9D71D88C-C598-4935-C5D1-43AA4DB90836}] C:\Users\Dan\AppData\Roaming\Bifrost\server.exe File not found
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [GMX_GMX Upload-Manager] C:\Program Files\GMX\GMX Upload-Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280964415732" File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E13D21C-2816-49C0-ADFB-77F5322D6522}: NameServer = 141.32.4.200,141.32.192.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F7FE502-399D-484B-A66B-B1926B369915}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA7CF0A-2D31-4821-B0A4-5EAF45FE32AE}: DhcpNameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E807358-0A96-445C-88C5-98B9CA5EB6D0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9474445-6913-43EA-84B2-BBD658381175}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.10.23 08:14:18 | 000,000,107 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1576a69a-bfc3-11e0-aa62-00197ed34dac}\Shell - "" = AutoRun
O33 - MountPoints2\{1576a69a-bfc3-11e0-aa62-00197ed34dac}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1576a735-bfc3-11e0-aa62-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{1576a735-bfc3-11e0-aa62-001e101f79c9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{39e95be3-9c68-11de-bbba-00197ed34dac}\Shell - "" = AutoRun
O33 - MountPoints2\{39e95be3-9c68-11de-bbba-00197ed34dac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{39e95bf6-9c68-11de-bbba-00197ed34dac}\Shell - "" = AutoRun
O33 - MountPoints2\{39e95bf6-9c68-11de-bbba-00197ed34dac}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{73c967e7-45df-11e1-b83f-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{73c967e7-45df-11e1-b83f-001e101f3315}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8023eccd-c7cb-11de-9331-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8023eccd-c7cb-11de-9331-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{849a9cf7-e86c-11dd-8e83-00197ed34dac}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{91ff6e5b-1058-11e1-805a-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{91ff6e5b-1058-11e1-805a-001e101fb45e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9970e67b-46eb-11df-ba06-f0606424d4b3}\Shell - "" = AutoRun
O33 - MountPoints2\{9970e67b-46eb-11df-ba06-f0606424d4b3}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{9df354a6-8461-11df-96c4-e92661ef10cf}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{ad400e41-1130-11e1-8934-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{ad400e41-1130-11e1-8934-001e101fe70e}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ae30c585-4d48-11df-a384-00197ed34dac}\Shell - "" = AutoRun
O33 - MountPoints2\{ae30c585-4d48-11df-a384-00197ed34dac}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{afe699d3-316a-11dc-9a16-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{afe699d3-316a-11dc-9a16-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autoplay.exe
O33 - MountPoints2\{d08c4373-c714-11de-9665-00197ed34dac}\Shell - "" = AutoRun
O33 - MountPoints2\{d08c4373-c714-11de-9665-00197ed34dac}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2004.10.23 08:14:18 | 000,192,512 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 21:06:57 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Dan\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 18:43:49 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012.08.31 18:43:45 | 015,328,952 | ---- | C] (Online Media Technologies Ltd.                              ) -- C:\Users\Dan\Desktop\AVSRegistryCleaner.exe
[2012.08.27 15:37:02 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\F88
[2012.08.15 03:09:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 03:09:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 03:09:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.15 03:09:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.15 03:09:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 03:09:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 03:09:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.15 03:07:40 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 01:27:59 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\{E09CCAC3-71CE-4808-A13C-12E5BE5EA6DC}
[2012.08.15 01:27:41 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\{75C78136-8DEF-4DC3-BFE7-341E74CC9F98}
[2012.08.14 01:01:09 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.08.14 00:58:03 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.08.14 00:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.08.14 00:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.08.14 00:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.08.14 00:36:56 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.08.14 00:36:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012.08.14 00:36:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.08.14 00:35:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.08.14 00:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.08.14 00:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.08.14 00:30:13 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012.08.14 00:23:54 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Usertreffen 2012
[2012.08.13 23:33:47 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Windows Live
[2012.08.13 23:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.08.13 23:26:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\mkvtoolnix
[2012.08.13 23:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2012.08.13 23:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\MKVToolNix
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 21:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 21:34:13 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 21:34:02 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 21:05:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.31 21:05:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.31 21:05:21 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.31 21:05:21 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.31 20:59:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:59:44 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 20:59:34 | 2137,120,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 20:45:26 | 000,302,592 | ---- | M] () -- C:\Users\Dan\Desktop\0077imby.exe
[2012.08.31 20:43:40 | 000,050,477 | ---- | M] () -- C:\Users\Dan\Desktop\Defogger.exe
[2012.08.31 20:30:12 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Dan\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 20:05:20 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Dan.job
[2012.08.31 19:54:16 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.31 18:00:25 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2012.08.31 17:53:58 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012.08.31 17:51:58 | 015,328,952 | ---- | M] (Online Media Technologies Ltd.                              ) -- C:\Users\Dan\Desktop\AVSRegistryCleaner.exe
[2012.08.31 17:20:13 | 000,093,184 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.31 15:56:01 | 000,000,680 | ---- | M] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2012.08.31 13:17:27 | 000,001,714 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 18:56:58 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.27 18:56:57 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.15 03:41:40 | 000,337,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.10 17:08:39 | 000,000,104 | -H-- | M] () -- C:\Users\Dan\Desktop\.~lock.Unbenannt 1.odt#
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.31 21:07:09 | 000,302,592 | ---- | C] () -- C:\Users\Dan\Desktop\0077imby.exe
[2012.08.31 21:07:04 | 000,050,477 | ---- | C] () -- C:\Users\Dan\Desktop\Defogger.exe
[2012.08.31 13:17:26 | 000,001,714 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.31 13:16:53 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.08.14 15:50:32 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2012.08.14 00:57:44 | 000,001,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.08.14 00:55:36 | 000,001,245 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.08.14 00:52:11 | 000,001,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.08.14 00:50:07 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.08.10 17:08:39 | 000,000,104 | -H-- | C] () -- C:\Users\Dan\Desktop\.~lock.Unbenannt 1.odt#
[2011.11.27 16:17:00 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Local\{309E25ED-9669-495A-9A11-5E77817BC933}
[2011.10.07 21:12:00 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Local\{205B0CE5-F7E2-4B25-9D6D-7A5AD5D2F5B0}
[2011.05.09 17:15:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.26 16:02:57 | 000,000,552 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d8caps.dat
[2009.11.18 22:14:23 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.02.13 17:18:09 | 000,031,007 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\UserTile.png
[2008.01.08 00:12:30 | 113,658,554 | ---- | C] () -- C:\Users\Dan\OOo_2.3.1_Win32Intel_install_de.exe
[2007.10.27 22:41:47 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2007.10.17 22:49:52 | 000,093,184 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.13 17:58:35 | 000,217,088 | R--- | C] () -- C:\Users\Dan\AppData\Roaming\MafiaSetup.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:17639624
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >
         
----

Extras.txt

Code:

Code:
ATTFilter
OTL Extras logfile created on: 31.08.2012 21:29:35 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,51% Memory free
4,22 Gb Paging File | 2,93 Gb Available in Paging File | 69,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 7,98 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 38,52 Gb Free Space | 55,41% Space Free | Partition Type: NTFS
Drive E: | 661,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 699,00 Gb Free Space | 75,04% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Paint Shop Pro 9] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\\Paint Shop Pro 9.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2168245F-10C0-4364-9BC6-E36B7438B15F}" = lport=8090 | protocol=6 | dir=in | name=pausenhof chat | 
"{2206342F-3100-43E0-AB92-56B561BABB81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{555A5309-42F7-48AD-92DE-B819CBB5D12D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7BA4B371-41E5-4B4B-B9CE-0E7654E0AB2E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9B006AED-B2B9-457F-A865-8731455A8081}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{BC55B262-32C8-4520-A678-6DA2CEB4B5AF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D2CBBEF9-F34F-4976-BDA0-09FE4A5E55B7}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D4B1EB5E-98DD-4B5C-87E8-6A75F9BE9A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB70F5DE-E20F-430F-82B8-0ED97544F493}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DE2DBF5E-3C9A-416C-A7E2-A966180D5D26}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F74E1052-6165-4360-BE6F-D6D50432BF77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E54DF2-2287-4E1A-ABFB-A596B4FF8C9B}" = protocol=17 | dir=in | app=c:\users\dan\appdata\local\microsoft\windows\temporary internet files\content.ie5\946akf0o\sweetimsetup[1].exe | 
"{09A55B63-E7B6-4D27-B03E-2ABCBE770DB5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0F7D3544-D44A-4E57-84CB-A8A914520940}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\singlefigther\counter-strike\hl.exe | 
"{14A1FF0B-808C-4884-8D55-3D86C2262A49}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{14D5F481-EB30-486F-86E6-C0434E1409B5}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{16FAC7D6-0079-44AF-94BB-2BDD315C24B8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{25F2D476-DACB-42A4-995B-91EF2048C0A7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\singlefigther\counter-strike\hl.exe | 
"{26122130-B5C0-440D-A7C7-F064D0C3FDAB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{29C75811-18F5-4D6B-92BA-C42ACD6682C0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2EE83A3C-6522-4E4E-A6B7-6807746F03C2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2FE687CD-69B4-4000-9C49-A375970046B5}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{35326AA3-550C-499E-B530-5A1C22F03530}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{38FCA075-BCF2-46D7-BFA8-D85D7D27EFF1}" = protocol=6 | dir=in | app=d:\steam\steamapps\singlefigther\day of defeat\hl.exe | 
"{42F4FC48-00DC-4862-864E-18243DA52690}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{49E78A16-FF89-4B8A-9E8C-00B748DA989F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\singlefigther\day of defeat\hl.exe | 
"{4B054746-1C5E-40E4-BE7B-F7E4F702F9E3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{5155EEA4-87C0-44EC-B6DD-03B9FF6B8742}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5A8C08B0-FE28-4394-807D-38CF416F8577}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{64F3369F-4571-4DF7-8AD3-B1C0212F81AB}" = protocol=17 | dir=in | app=d:\steam\steamapps\singlefigther\counter-strike\hl.exe | 
"{684EED8F-F44F-4CEC-B679-ABB7AF46E7B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7B22C071-6284-4EA3-AD6A-9BAA723A294A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8A10D8BD-75CA-4572-BFA9-21BE0FA4A9D7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\singlefigther\day of defeat\hl.exe | 
"{8A3A2F3A-166F-4644-82F3-DD42396D47F5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8C3B82B7-5122-43DF-A690-696CF8088F03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8FCE6B66-65CE-4DC2-8E3E-395C3DFB533D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{94B5069D-DE77-4535-832F-3DC1AED05A87}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9685B3F4-5F3F-4907-96B5-0B8D4D5884A6}" = protocol=6 | dir=in | app=d:\steam\steamapps\singlefigther\counter-strike\hl.exe | 
"{A9456DFE-5DA9-4220-8E7D-C12659CB1DCA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C1A35F90-809D-4AF1-8DB5-0B2076B23C68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E13DAC76-9080-488E-B14A-A09E8C7C96A0}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{E2061A89-8B2B-4C34-A0F5-85D6D996A2B4}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{E5557680-8652-4324-9319-382F2E5C74C9}" = protocol=6 | dir=in | app=c:\users\dan\appdata\local\microsoft\windows\temporary internet files\content.ie5\946akf0o\sweetimsetup[1].exe | 
"{E7AA7EEE-E2EB-4059-878A-083FACF0D9F4}" = protocol=17 | dir=in | app=d:\steam\steamapps\singlefigther\day of defeat\hl.exe | 
"{E855BEC2-2991-4813-A5C0-66FF2E836404}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{EA5F3913-7F84-457A-8793-94D697210C2B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{F7095775-9E17-4E4E-A8FC-7B78E8763EED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{FB05615A-3F6C-48B2-912A-FECB096B4D62}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"TCP Query User{2556D3BE-EC96-4C9A-9F9A-BF53C8FDAEE8}D:\games\steam\steam.exe" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"TCP Query User{48DC7E5F-B835-4C4C-BCAF-902DEF093CB2}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{5284018A-A28E-452C-9A52-D2F6FA28196A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{683BCF28-3D16-44DF-954F-C09E0C13D2BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D1DEE02C-3700-48E1-8ED8-6F993998D86D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D3AE3DCF-9FFC-48CB-B01F-64946DB3D721}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe | 
"TCP Query User{E5DCEFC4-BB2E-476E-B810-CB5F0A6A74D1}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{E88AA159-03F4-45E0-8375-18A09C9A07DC}D:\games\steam\steamapps\singlefighter998\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\games\steam\steamapps\singlefighter998\counter-strike source\hl2.exe | 
"TCP Query User{F39D1E75-E3EC-4D14-8F6C-126B34C5EEAC}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{F5D74A1B-86DF-4384-8AED-1756B1EF514E}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{02A45FBC-925E-45F5-829F-95B0C5561E81}D:\games\steam\steam.exe" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"UDP Query User{1A9C33A6-0836-49AD-B317-431300B7E307}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{3C4154E1-BC74-4B00-8FCC-0A2BD403B58E}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe | 
"UDP Query User{5D9845E2-1C80-48F7-AF64-74D9E3CEBDE2}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{6A9490A4-294A-4B45-87A6-92B5D55DAD74}D:\games\steam\steamapps\singlefighter998\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\games\steam\steamapps\singlefighter998\counter-strike source\hl2.exe | 
"UDP Query User{833A736B-4A80-4369-A751-851938F0B629}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{86DF0654-A508-4B91-B147-B3AC0FE5DAA7}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{921BA69A-39AD-4874-A361-3E7F7F080287}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{BACEACB6-E8F3-497F-967C-44E6995854AA}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{FF92E23E-5E54-4811-A1EE-7CFEBD2CA217}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13796FF6-8D7F-419A-9C9B-5CE0C6B2C1AE}" = Symantec Real Time Storage Protection Component
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18FC2A03-B955-4F92-8A56-B6E37A9AEBEA}" = Mission Pack
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40E948A9-E571-4712-B3CC-064BA3131D13}" = SymNet
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4933D2E2-B621-487F-A7E7-96DA7312BCFE}" = Angry Birds Rio
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111730193}" = Star Defender 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4F7DD0-C596-4501-AE16-77F18F7EE694}" = Angry Birds Seasons
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DC++" = DC++ 0.699
"DivX Setup" = DivX-Setup
"EAX Unified" = EAX Unified
"FotoWorks_is1" = FotoWorks
"GMX Upload-Manager" = GMX Upload-Manager
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"Half-Life" = Half-Life
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Standard)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MKVToolNix" = MKVToolNix 5.7.0
"NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation)
"OpenTTD" = OpenTTD 1.0.0-beta1
"OrCAD91DeinstKey" = OrCAD 9.1
"PartyCasino" = PartyCasino
"PartyPoker" = PartyPoker
"ShoppingReport2" = ShopperReports
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soldat_is1" = Soldat 1.5.0
"Steam App 10" = Counter-Strike
"Steam App 30" = Day of Defeat
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Tech Wheel Mouse" = Tech Wheel Mouse 5.0
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 31.08.2012 10:51:26 | Computer Name = ***** | Source = VSS | ID = 8194
Description = 
 
Error - 31.08.2012 10:54:23 | Computer Name = ***** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 31.08.2012 10:54:25 | Computer Name = ***** | Source = VMCService | ID = 0
Description = System.TypeInitializationException: Der Typeninitialisierer für "VMC.BaseServices.DataAccessor.DataStore"
 hat eine Ausnahme verursacht. ---> OneParamException: MDB: File 'C:\Program Files\Vodafone\Vodafone
 Mobile Connect\Templates\VodafoneMobileConnectEmpty.mdb' does not exist!; ID=DataAcessorCTOR;Msg=MDB
 
   --- Ende der internen Ausnahmestapelüberwachung ---     bei VMC.BaseServices.DataAccessor.DataStore.get_MobileConnectProfileFileName()
 
   bei VMC.WindowsService.WindowsService.DllLoading()
 
Error - 31.08.2012 11:58:01 | Computer Name = ***** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 31.08.2012 11:58:02 | Computer Name = ***** | Source = VMCService | ID = 0
Description = System.TypeInitializationException: Der Typeninitialisierer für "VMC.BaseServices.DataAccessor.DataStore"
 hat eine Ausnahme verursacht. ---> OneParamException: MDB: File 'C:\Program Files\Vodafone\Vodafone
 Mobile Connect\Templates\VodafoneMobileConnectEmpty.mdb' does not exist!; ID=DataAcessorCTOR;Msg=MDB
 
   --- Ende der internen Ausnahmestapelüberwachung ---     bei VMC.BaseServices.DataAccessor.DataStore.get_MobileConnectProfileFileName()
 
   bei VMC.WindowsService.WindowsService.DllLoading()
 
Error - 31.08.2012 14:02:30 | Computer Name = ***** | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 31.08.2012 14:09:04 | Computer Name = ***** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 31.08.2012 14:09:08 | Computer Name = ***** | Source = VMCService | ID = 0
Description = System.TypeInitializationException: Der Typeninitialisierer für "VMC.BaseServices.DataAccessor.DataStore"
 hat eine Ausnahme verursacht. ---> OneParamException: MDB: File 'C:\Program Files\Vodafone\Vodafone
 Mobile Connect\Templates\VodafoneMobileConnectEmpty.mdb' does not exist!; ID=DataAcessorCTOR;Msg=MDB
 
   --- Ende der internen Ausnahmestapelüberwachung ---     bei VMC.BaseServices.DataAccessor.DataStore.get_MobileConnectProfileFileName()
 
   bei VMC.WindowsService.WindowsService.DllLoading()
 
Error - 31.08.2012 14:59:50 | Computer Name = ***** | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 31.08.2012 14:59:54 | Computer Name = ***** | Source = VMCService | ID = 0
Description = System.TypeInitializationException: Der Typeninitialisierer für "VMC.BaseServices.DataAccessor.DataStore"
 hat eine Ausnahme verursacht. ---> OneParamException: MDB: File 'C:\Program Files\Vodafone\Vodafone
 Mobile Connect\Templates\VodafoneMobileConnectEmpty.mdb' does not exist!; ID=DataAcessorCTOR;Msg=MDB
 
   --- Ende der internen Ausnahmestapelüberwachung ---     bei VMC.BaseServices.DataAccessor.DataStore.get_MobileConnectProfileFileName()
 
   bei VMC.WindowsService.WindowsService.DllLoading()
 
[ System Events ]
Error - 31.08.2012 14:09:09 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2012 14:09:09 | Computer Name = ***** | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 31.08.2012 14:10:09 | Computer Name = ***** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.08.2012 14:10:42 | Computer Name = ***** | Source = DCOM | ID = 10005
Description = 
 
Error - 31.08.2012 14:10:42 | Computer Name = ***** | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 31.08.2012 15:00:00 | Computer Name = ***** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.08.2012 15:00:00 | Computer Name = ***** | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 31.08.2012 15:01:27 | Computer Name = ***** | Source = DCOM | ID = 10005
Description = 
 
Error - 31.08.2012 15:01:27 | Computer Name = ***** | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 31.08.2012 15:02:19 | Computer Name = ***** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >
         
So, im abgesichterten Modus konnte ich endlich Anti-Malware erfolgreich installieren, habe einen kompletten Scan durchlaufen und den Rechner neu gestartet. Insgesamt sind jetzt 69 Dateien in Quarantäne geschickt (noch nicht gelöscht!). Das GVU Bundespolizei Fenster poppt jetzt nicht mehr auf, aber ich will den Trojaner schließlich komplett entfernen.

Meine Logdatei...

mbam-log.txt:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org
 
Datenbank Version: v2012.09.01.03
 
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
***** :: ***** [Administrator]
 
Schutz: Deaktiviert
 
01.09.2012 14:06:47
mbam-log-2012-09-01 (14-14-40).txt
 
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194264
Laufzeit: 6 Minute(n), 58 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 34
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Keine Aktion durchgeführt.
HKCR\HBLiteAx.Info (Adware.HotBar) -> Keine Aktion durchgeführt.
HKCR\HBLiteAx.Info.1 (Adware.HotBar) -> Keine Aktion durchgeführt.
HKCR\HBLiteAX.UserProfiles (Adware.HotBar) -> Keine Aktion durchgeführt.
HKCR\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Bifrost (Bifrose.Trace) -> Keine Aktion durchgeführt.
HKCU\Software\hblitesa (Adware.HotBar) -> Keine Aktion durchgeführt.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
 
Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{9D71D88C-C598-4935-C5D1-43AA4DB90836} (Trojan.Agent) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{9D71D88C-C598-4935-C5D1-43AA4DB90836} (Trojan.Agent) -> Daten: C:\Users\Dan\AppData\Roaming\Bifrost\server.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Daten: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Daten: C:\Program Files\QuestScan\questscan.dll -> Keine Aktion durchgeführt.
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 14
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\Bifrost (Backdoor.Bifrose) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\HBLite (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
C:\Program Files\ShoppingReport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Keine Aktion durchgeführt.
 
Infizierte Dateien: 17
C:\Users\*****\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\install_0_msi.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0\LaunchHelp.dll (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Keine Aktion durchgeführt.
C:\Program Files\ICQToolbar\0439\toolbaru.dll (Trojan.BHO) -> Keine Aktion durchgeführt.
 
(Ende)
         
Miniaturansicht angehängter Grafiken
GUV / Ukash Trojaner-guv-trojaner.jpg  

Alt 05.09.2012, 16:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
GUV / Ukash Trojaner - Standard

GUV / Ukash Trojaner



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu GUV / Ukash Trojaner
100 €, adware.agent, adware.hotbar, adware.questscan, adware.seekmo, adware.shopperreports, adware.shoppingreport2, adware.softomate, backdoor.bifrose, bifrose.trace, bingbar, blockt, guv ukash, heute, icreinstall, infizierte, install.exe, internet, msiinstaller, office 2007, pop-up-blocker, sobald, t-mobile, troja, trojan.agent, trojan.bho, trojan.fakems, trojan.ransom.gen, trojaner, ukash, ukash trojaner, verbindung, vodafone, zahlung



Ähnliche Themen: GUV / Ukash Trojaner


  1. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  2. gvu / ukash-trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (11)
  3. Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  4. Ukash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (12)
  5. Ukash GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (11)
  6. UKASH BKA-Trojaner
    Log-Analyse und Auswertung - 01.11.2012 (22)
  7. BKA Trojaner Ukash
    Log-Analyse und Auswertung - 20.10.2012 (7)
  8. BKA/UKASH - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (1)
  9. Ukash Trojaner
    Log-Analyse und Auswertung - 28.07.2012 (25)
  10. Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (2)
  11. Ukash- Trojaner
    Mülltonne - 04.06.2012 (2)
  12. BKA-trojaner, ukash
    Log-Analyse und Auswertung - 20.01.2012 (10)
  13. BKA-Ukash-Trojaner
    Log-Analyse und Auswertung - 04.08.2011 (1)
  14. BKA Trojaner Ukash
    Log-Analyse und Auswertung - 14.05.2011 (1)
  15. Ukash-BKA Trojaner
    Log-Analyse und Auswertung - 06.05.2011 (68)
  16. Ukash - BKA - Trojaner
    Log-Analyse und Auswertung - 02.05.2011 (25)
  17. BKA-Ukash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (3)

Zum Thema GUV / Ukash Trojaner - Hallo, mich hat es heute auch erwischt. Sobald ich Verbindung zum Internet habe, blockt der infizierte Rechner auf das GUV Fenster (Ausschnitt siehe Anhang), dass mich zur Zahlung von 100 - GUV / Ukash Trojaner...
Archiv
Du betrachtest: GUV / Ukash Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.