Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.06.2010, 17:24   #1
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Hi,
das ist mein erster Post hier, und zwar aus dem Grund, dass ich mir vor zwei Tagen höchstwahrscheinlich Malware über ICQ eingefangen habe. Seitdem öffnet sich sehr häufig der Internet Explorer selbstständig mit diverser Werbung. In einer Mischung aus Verzweiflung, Panik und Dummheit (...DAU...) habe ich versucht, irgendwelche mir unbekannten Dateien zu löschen. Erst danach konnte ich mich besinnen und bin auf der Suche nach Hilfe auf dieses Board gestoßen. Ich hoffe, dass ich dadurch nicht alles noch verschlimmert habe und ihr mir trotzdem noch helfen könnt.

1) CCleaner habe ich schon benutzt
2) Malwarebytes-Anti-Malware auch ausgeführt:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4217

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20.06.2010 16:40:58
mbam-log-2010-06-20 (16-40-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149998
Laufzeit: 19 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\UseR\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winscdnr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\Avr.exe (Trojan.FakeAlert) -> Delete on reboot.


3) RSIT (habe ein 32bit-System):
siehe Anhang


so, ich hoffe die ersten Schritte habe ich alle richtig befolgt und jetzt bleibt nur noch zu hoffen, dass mir jemand von euch helfen kann, ich wäre wirklich extrem dankbar dafür

Grüße,
sebbual
Angehängte Dateien
Dateityp: txt info.txt (24,2 KB, 763x aufgerufen)
Dateityp: txt log.txt (29,7 KB, 220x aufgerufen)

Alt 20.06.2010, 19:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 21.06.2010, 18:26   #3
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4219

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.06.2010 01:35:40
mbam-log-2010-06-21 (01-35-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 362151
Laufzeit: 2 Stunde(n), 39 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15

Infizierte Speicherprozesse:
C:\Users\Public\winscrsn.exe (Trojan.Inject) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system updates (Trojan.Inject) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\winscrsn.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\0492.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\1989.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\3335.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\3596.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\3793.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\4583.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\5071.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\5144.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\5732.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\6046.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\7865.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\7874.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\7912.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\UseR\AppData\Local\Temp\8863.exe (Trojan.Inject) -> Quarantined and deleted successfully.
         
Code:
ATTFilter
OTL logfile created on: 21.06.2010 18:15:10 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Users\UseR\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 7.26 Gb Free Space | 6.52% Space Free | Partition Type: NTFS
Drive D: | 106.40 Gb Total Space | 28.56 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: UseR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UseR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Users\UseR\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\Winstep\WsxService.exe (Winstep Software Technologies)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\UseR\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (Winstep Xtreme Service) -- C:\Program Files\Winstep\WsxService.exe (Winstep Software Technologies)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (wip0204) -- C:\Windows\System32\drivers\wip0204.sys (Wippien Software)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com/hxxp://www.google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.kleeblatt-forum.de/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 8
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.08 16:35:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.18 17:13:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.21 20:51:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.18 17:13:08 | 000,000,000 | ---D | M]
 
[2008.06.19 15:30:43 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Extensions
[2010.06.20 23:01:39 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions
[2009.06.04 15:11:48 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.08.22 20:06:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.27 23:57:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.09.19 09:17:07 | 000,000,000 | ---D | M] (firefix) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{343CB0C5-DA79-42ea-8FC8-BBA1CFCD2829}
[2010.02.09 19:59:57 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008.11.02 18:50:58 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009.07.25 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\askopensearch-VTS@ask.com
[2009.09.27 14:15:30 | 000,000,000 | ---D | M] -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\firefox@tvunetworks.com
[2010.02.09 20:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010.02.09 20:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010.02.09 20:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010.02.09 20:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UseR\AppData\Roaming\mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.05.27 12:35:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.23 22:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.27 12:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.27 12:34:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.03.13 01:28:18 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 01:28:19 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 01:28:19 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 01:28:19 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 01:28:19 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.05.17 16:30:47 | 000,000,029 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winscrsn.exe File not found
O4 - Startup: C:\Users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk = C:\Program Files\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\UseR\Bluetooth Software\Pictures\ShirtFFSpring09KickBlack2.jpg
O24 - Desktop BackupWallPaper: C:\Users\UseR\Bluetooth Software\Pictures\ShirtFFSpring09KickBlack2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe -- File not found
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.21 18:12:22 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\UseR\Desktop\OTL.exe
[2010.06.20 17:58:01 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\paul kalkbrenner
[2010.06.20 17:44:31 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\dub
[2010.06.20 15:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.20 15:57:41 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.19 20:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.06.19 20:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.19 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.19 18:21:30 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\Neuer Ordner
[2010.06.18 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\UseR\AppData\Roaming\Malwarebytes
[2010.06.18 18:33:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.18 18:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.18 18:33:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.18 18:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.11 14:21:39 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\NobleM
[2010.06.11 13:22:00 | 000,000,000 | R--D | C] -- C:\Users\UseR\Desktop\Bratze - Kraft
[2010.06.09 14:03:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.09 13:30:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 13:30:40 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 13:30:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.09 13:30:36 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.09 13:30:36 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 13:30:36 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.09 13:30:35 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.09 13:30:35 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 13:30:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.06.09 13:30:35 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.06.09 13:30:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.09 13:30:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.06.09 13:30:35 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 13:30:35 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.09 13:30:27 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.09 13:30:24 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.08 18:20:32 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\The Dance Inc. - The Fighting
[2010.06.08 15:46:00 | 000,000,000 | ---D | C] -- C:\Users\UseR\Documents\u
[2010.06.06 15:47:25 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\chewychocolatecookies
[2010.05.27 12:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.27 12:35:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.27 12:35:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.27 12:35:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.27 12:35:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.26 10:32:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.23 14:48:48 | 000,000,000 | ---D | C] -- C:\Users\UseR\Desktop\Radical Hype
[2010.05.23 12:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Graffiti Studio 2.0
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.21 18:16:42 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.21 18:16:42 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.21 18:16:42 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.21 18:16:42 | 000,122,648 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.21 18:16:42 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.21 18:14:29 | 003,670,016 | ---- | M] () -- C:\Users\UseR\NTUSER.DAT
[2010.06.21 18:12:56 | 000,048,992 | ---- | M] () -- C:\Users\UseR\AppData\Roaming\nvModes.001
[2010.06.21 18:12:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\UseR\Desktop\OTL.exe
[2010.06.21 18:10:28 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.21 18:10:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.06.21 18:10:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 18:10:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 18:10:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.21 18:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.21 18:10:06 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 17:50:39 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.21 17:00:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.21 01:36:43 | 000,524,288 | -HS- | M] () -- C:\Users\UseR\NTUSER.DAT{c60c19a7-b3d6-11de-abb7-001e4cd61bea}.TMContainer00000000000000000001.regtrans-ms
[2010.06.21 01:36:43 | 000,065,536 | -HS- | M] () -- C:\Users\UseR\NTUSER.DAT{c60c19a7-b3d6-11de-abb7-001e4cd61bea}.TM.blf
[2010.06.21 01:36:30 | 003,317,355 | -H-- | M] () -- C:\Users\UseR\AppData\Local\IconCache.db
[2010.06.20 18:38:37 | 000,002,721 | ---- | M] () -- C:\Users\UseR\.recently-used.xbel
[2010.06.20 18:34:30 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CB0668D-0C3B-4AA0-9AF4-ADEA5698541B}.job
[2010.06.20 15:01:44 | 000,165,376 | ---- | M] () -- C:\Windows\Anozua.exe
[2010.06.20 14:34:00 | 000,042,178 | ---- | M] () -- C:\Users\UseR\Desktop\601_0.JPG
[2010.06.19 22:18:31 | 000,000,256 | ---- | M] () -- C:\Windows\wininit.ini
[2010.06.19 21:14:54 | 007,970,885 | ---- | M] () -- C:\Users\UseR\Sven_Bomwollen.rar
[2010.06.10 23:48:14 | 000,000,787 | ---- | M] () -- C:\Users\UseR\Desktop\Miranda IM.lnk
[2010.06.10 23:46:01 | 000,074,240 | ---- | M] () -- C:\Users\UseR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.10 17:51:38 | 000,318,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.28 18:16:48 | 000,048,992 | ---- | M] () -- C:\Users\UseR\AppData\Roaming\nvModes.dat
[2010.05.28 12:29:58 | 000,008,997 | ---- | M] () -- C:\Users\UseR\Desktop\medionmobile.odt
[2010.05.27 12:34:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.27 12:34:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.27 12:34:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.27 12:34:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.26 18:16:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:25:15 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.23 12:05:33 | 000,000,024 | ---- | M] () -- C:\Windows\AM_D8.PRF
 
========== Files Created - No Company Name ==========
 
[2010.06.20 18:38:37 | 000,002,721 | ---- | C] () -- C:\Users\UseR\.recently-used.xbel
[2010.06.20 15:02:20 | 000,165,376 | ---- | C] () -- C:\Windows\Anozua.exe
[2010.06.20 14:27:03 | 000,042,178 | ---- | C] () -- C:\Users\UseR\Desktop\601_0.JPG
[2010.06.19 21:32:44 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.29 08:01:30 | 000,000,787 | ---- | C] () -- C:\Users\UseR\Desktop\Miranda IM.lnk
[2010.05.28 12:29:55 | 000,008,997 | ---- | C] () -- C:\Users\UseR\Desktop\medionmobile.odt
[2010.05.23 12:05:33 | 000,000,024 | ---- | C] () -- C:\Windows\AM_D8.PRF
[2010.01.20 16:05:44 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.05.05 17:07:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.01.05 13:20:14 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.24 15:22:33 | 000,000,044 | ---- | C] () -- C:\Windows\odbcddp.ini
[2008.09.24 14:45:05 | 000,001,511 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.24 14:44:25 | 000,000,145 | ---- | C] () -- C:\Windows\KLETT.INI
[2008.07.28 14:00:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.06.17 17:14:40 | 000,000,675 | ---- | C] () -- C:\Windows\HAMMER.INI
[2008.06.09 20:48:43 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2008.04.30 18:19:07 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.04.30 18:19:07 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.04.30 18:14:52 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.03.02 02:52:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.02 02:52:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.02 02:07:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.02 02:02:44 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.01 17:37:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.11.20 16:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.04.24 18:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 21.06.2010 18:15:10 - Run 1
OTL by OldTimer - Version 3.2.6.1     Folder = C:\Users\UseR\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 7.26 Gb Free Space | 6.52% Space Free | Partition Type: NTFS
Drive D: | 106.40 Gb Total Space | 28.56 Gb Free Space | 26.84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: USER-PC
Current User Name: UseR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\UseR\Downloads\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\UseR\Downloads\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C35374A-FAA1-4C93-B257-4DC2E9C7469B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D5F351A-0265-4529-82D3-166EF394C09A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5514CC37-1D90-4B8A-8B5F-14ED59D7DC10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93357A75-1E24-4B6A-B099-87A597329153}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9AC722CA-2806-4003-98BD-03F7E9247355}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9221726-B65F-47E9-A367-F25AEF92EEE3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DD53168F-706B-428D-AD30-64CFB697ACAF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DDD86073-21E3-42B4-A23B-CBB92497B784}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF32B348-BE63-4857-90E6-EC3ED586DA7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0293BA5B-0BB3-4B7C-97DC-0FC5A0740014}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{0297915E-2996-4EE1-8B7E-905428ECA199}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05A5ECA6-6092-4BBC-85CE-6BDA5F758282}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{09256CFE-A0A7-4FA6-87C1-CCD9F07EA8D9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{0E92EB7A-9CA0-4CDC-936B-63D3BAE681E2}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | 
"{1CB58AD0-103A-46C7-B049-856E172D71D6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{1DBC5960-E110-4A86-9087-83212E9BF2EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2345779B-58C8-4576-88DC-EF52EA22D48C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{27905E4E-1316-49A6-A2E6-A1147FE2AE96}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{29DAE8CE-1904-470A-B951-95BB60E8FDB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E9828C7-C09A-4F91-A30C-2D90003257D3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2EB929B5-CEF2-4BE6-BD52-F7F047B9FB53}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{34D8FC82-E8C8-4CCD-B2AC-4CCD7B972BD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37943B51-2FA8-44C9-9828-15697579F9A0}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{3CE6014B-D830-483A-9803-ACE5B70FACB3}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{412BC7EB-6986-4C55-A238-17E0DE2A66FC}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{44C5A4DA-A7DF-409A-BF75-44950D867499}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4EEC58DF-F90D-40E5-B15F-8EF49A3B4D67}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{52198524-6C1A-473E-ADA9-4C9BD05B49FA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{55A8975D-44C3-49D3-A751-E2690A05C8CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6AF76C7F-A502-415B-8B37-2FCF17B4DBEE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6F2108F8-BEC7-46F8-AF6F-44AD70AF3DC5}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{703BD8C6-78CE-462B-BE5A-136EFC1AEAD1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7205D839-C4E1-4B05-9132-021B3ADD91C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78C4359D-458A-4615-832F-CEE3F725847E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{79675A6A-0A15-4E09-A213-FF6A561DA062}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{7B8E3539-60D1-4671-9736-41489579324F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{7E53915A-D0C2-486F-AEDC-29D62C7F7C6C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{7F848D6C-5AE2-47A4-B7DB-ACFC1786DDDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{816A277F-51A8-49C7-9676-8E2C049645AA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{8344E125-7EB8-44C0-B102-E1504769857F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{907BF8A8-5D4C-46AF-AC28-6858B79E75E9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{97738E25-FAA4-4DA6-ADA6-26C5591F2905}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{97FA0EA2-D0B4-4602-8054-B73D03F12859}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{9A7A195D-33C4-4022-9A9F-F355D96EB9F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C8C0801-C4B6-4C15-80E5-6F5ACF0CEC6A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{A94B8AFF-906A-4F30-BF87-D3DA7B818BE6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{B12429AA-5C94-4188-AEB3-51EA15EBD31A}" = protocol=6 | dir=out | app=system | 
"{B73B0C36-F8D9-4285-B49E-2B8EBF6E34E9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAA54BE4-50A0-4E6C-9913-D0921989AA9B}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | 
"{BABCBCCC-6F9B-4C87-9D17-4BF35F366D47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5B1D504-305D-4717-B9B7-67780601AE61}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{D26299D5-10A1-4C5E-A45D-FFAD412997FA}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{DC94DC8C-D4C1-47F7-AE16-A7F87A1C5192}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{EA61ACBE-71FF-466A-B779-DC435280A5E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDA51519-8BA7-4E32-848B-0E3F754DAAAC}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{FE56BF29-494F-4563-ACFA-CD8A0D7ACB10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0026D7AE-1A50-4291-BF72-84213786D515}C:\users\user\saved games\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\user\saved games\cs\hl.exe | 
"TCP Query User{0136F24A-4C21-4872-93E9-4C14521D5CC9}C:\program files\vgnoffline2010\programme\efaserver.exe" = protocol=6 | dir=in | app=c:\program files\vgnoffline2010\programme\efaserver.exe | 
"TCP Query User{12504714-F9C4-4D8C-A5B2-C9109FFDD835}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{1CD4B219-8D91-4B1E-892F-BFBA313C170B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{49A3472F-A158-4C61-A19B-AB675101EEAA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{6A9FCFB5-4A42-472E-8EC7-2B93917DA372}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{919DEF82-1436-4366-9B9E-71D2E77DE0E9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{93654DF3-FC41-485E-9120-8E44EFBD8E05}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{97F3832A-9028-4824-9047-0F0E56C285AC}C:\program files\team17 software ltd\wormsfortsdemo\wf.exe" = protocol=6 | dir=in | app=c:\program files\team17 software ltd\wormsfortsdemo\wf.exe | 
"TCP Query User{A092A5CD-7BA5-4052-A80C-BDB88B29EFCF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{A6E18FA4-08BD-4A0A-8C05-D86D7882455B}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{A898F146-005F-430B-BE8D-F2841EB0C41D}E:\cs\hl.exe" = protocol=6 | dir=in | app=e:\cs\hl.exe | 
"TCP Query User{B55BBF7C-269E-4F0F-BB96-6C11EC73FB86}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"TCP Query User{BED5E7EE-D0E7-443B-AA5B-CEA0DA44CB72}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{C8EC6BA7-D77C-4A1E-9B22-76811696A05E}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{D776B933-7B24-4E66-B7B0-06D21C56B77A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{E76781C3-A0FE-4D55-906C-FA3A9FAE777D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{F12FFA0C-C921-4C0D-8798-301BF0DB59C6}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe | 
"TCP Query User{F2E873ED-CC93-41F6-BDD7-2FDBA64192A9}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{F5E35949-2647-4934-8576-8D9AA427036C}D:\bluebyte\siedler3\s3.exe" = protocol=6 | dir=in | app=d:\bluebyte\siedler3\s3.exe | 
"UDP Query User{02447EF8-D49E-49B3-A1F5-A28B381DFCBE}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{0258DE60-8F26-4AC3-9FF8-F5F76B495656}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{05A2AEC7-A5DD-4199-B8E1-465B59786F93}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{18477687-6AF2-4C29-9F85-4D27AB9A225E}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{28376379-0AA4-4A03-B521-FE7CE03B2CB1}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{2B07C1C0-0F0F-4213-A03F-ACD16AC8B0B0}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{828E67E7-DBC5-49E0-B957-F279EDD7EB6D}C:\program files\java\jre1.6.0_06\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\java.exe | 
"UDP Query User{8F46B48B-DD6B-4E66-A934-C9EE9279571A}C:\program files\java\jre1.6.0_06\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_06\bin\javaw.exe | 
"UDP Query User{9FE5DFDD-B418-4673-90DB-992939733DFA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{B44DE2E0-408E-400C-9445-2193487275BF}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{BD7B9EEC-4432-4051-899F-1401D50F0EDC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{C03C06C2-D811-43B9-A3F8-57D90D0D4AF9}E:\cs\hl.exe" = protocol=17 | dir=in | app=e:\cs\hl.exe | 
"UDP Query User{CAFF130D-ED33-4E38-BBEB-0828C61DA5E2}C:\program files\team17 software ltd\wormsfortsdemo\wf.exe" = protocol=17 | dir=in | app=c:\program files\team17 software ltd\wormsfortsdemo\wf.exe | 
"UDP Query User{CBC5A18C-40C4-4A5F-8BB1-B99A43DC3A6A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{D2552630-0DBE-4A16-8396-6951F0D3BD23}D:\bluebyte\siedler3\s3.exe" = protocol=17 | dir=in | app=d:\bluebyte\siedler3\s3.exe | 
"UDP Query User{E1DE2B84-10E9-46D6-95C3-5CD210DB17BF}C:\users\user\saved games\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\user\saved games\cs\hl.exe | 
"UDP Query User{E45A4025-897E-498A-AE6E-F9CAF7DF2E3B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{EE300EE4-FC65-44D3-A628-3832501C2358}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{EF083C19-A85D-45C8-BBAF-B1E6544CD7F6}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{F4A7AD58-35A3-45F5-ADAC-9C4C4F6C793E}C:\program files\vgnoffline2010\programme\efaserver.exe" = protocol=17 | dir=in | app=c:\program files\vgnoffline2010\programme\efaserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49F2D7DE-0EEE-4411-8283-16BAAECF2079}" = Media Manager for WALKMAN 1.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92C72ECF-B4BE-11D4-82B0-00A0C936A230}" = Dave Mirra Freestyle BMX
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"1A5A977E511ED61600002E176F048ED6FCBD8560" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass  (12/18/2007 5.0.0004.6)
"Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection

AAV 6.0.00.08
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AssaultCube_v1.0" = AssaultCube v1.0
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"FFOLKES Unlocks123 mod v1.4.1" = FFOLKES Unlocks123 mod v1.4.1
"Free Studio_is1" = Free Studio version 4.3
"Goldfinger 4" = Goldfinger 4
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GridVista" = Acer GridVista
"IconPackager" = IconPackager
"ICQToolbar" = ICQ Toolbar
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.25
"Motocross Madness 2" = Microsoft Motocross Madness 2
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PokerTH 0.6.2" = PokerTH
"PokerTH 0.6.3" = PokerTH
"RocketDock_is1" = RocketDock 1.3.5
"RollerCoaster Tycoon Setup" = Roll
"S3" = Die Siedler III Gold Edition
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TmNationsForever_is1" = TmNationsForever
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"Winstep Xtreme_is1" = Winstep Xtreme 8.5
"XMoto" = X-Moto
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2010 14:51:57 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 14:51:57 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 16:56:24 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 16:56:25 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.06.2010 16:56:34 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 07:54:47 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 07:54:47 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 09:43:12 | Computer Name = UseR-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 21.06.2010 12:10:32 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.06.2010 12:10:32 | Computer Name = UseR-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 20.06.2010 14:51:52 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.06.2010 19:37:14 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 21.06.2010 07:54:07 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 21.06.2010 07:54:07 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 21.06.2010 07:54:29 | Computer Name = UseR-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.06.2010 07:54:41 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 21.06.2010 12:09:51 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 21.06.2010 12:09:51 | Computer Name = UseR-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 21.06.2010 12:10:15 | Computer Name = UseR-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.06.2010 12:10:26 | Computer Name = UseR-PC | Source = Service Control Manager | ID = 7026
Description = 
 
[ TuneUp Events ]
Error - 08.02.2009 14:09:02 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 08.02.2009 14:09:32 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:04:53 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:05:03 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:05:39 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:05:44 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.02.2009 15:07:15 | Computer Name = UseR-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >
         
__________________

Alt 24.06.2010, 20:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winscrsn.exe File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe -- File not found
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
[2010.06.20 15:02:20 | 000,165,376 | ---- | C] () -- C:\Windows\Anozua.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.


Danach brauch ich den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\_OTL in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2010, 21:11   #5
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Updates deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Winamp Search\ deleted successfully.
C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
File F:\S3\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c22b373-083a-11de-b87d-001e4cd61bea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c22b373-083a-11de-b87d-001e4cd61bea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c22b373-083a-11de-b87d-001e4cd61bea}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8426f62e-05c2-11df-9363-913c67c5ad42}\ not found.
File G:\Menu.exe not found.
File C:\Windows\Anozua.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 2564018 bytes
->Temporary Internet Files folder emptied: 27849478 bytes
->Java cache emptied: 12 bytes
->FireFox cache emptied: 4433755 bytes
->Opera cache emptied: 343405 bytes
->Flash cache emptied: 3515 bytes
 
User: Max.UseR-PC
->Temp folder emptied: 899687646 bytes
->Temporary Internet Files folder emptied: 58812057 bytes
->Java cache emptied: 2139590 bytes
->FireFox cache emptied: 87205267 bytes
->Flash cache emptied: 173984 bytes
 
User: MAX~1~USE
->Temp folder emptied: 0 bytes
 
User: Public
 
User: UseR
->Temp folder emptied: 18165300 bytes
->Temporary Internet Files folder emptied: 28002839 bytes
->Java cache emptied: 2683987 bytes
->FireFox cache emptied: 36244254 bytes
->Google Chrome cache emptied: 7654850 bytes
->Opera cache emptied: 669454 bytes
->Flash cache emptied: 18105 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42106 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.122.00 mb
 
 
OTL by OldTimer - Version 3.2.6.1 log created on 06242010_205308

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Das ist schonmal das OTL Logfile
Ich habe gerade etwas Probleme beim zippen des OTL-Ordners, da kommen bei mir immer die Meldungen "Konnte _OTL.rar nicht erstellen" und "Zugriff verweigert", was mache ich falsch?


Alt 24.06.2010, 21:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Zitat:
"Konnte _OTL.rar nicht erstellen" und "Zugriff verweigert", was mache ich falsch?
Virenscanner deaktiviert?!!
__________________
--> wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig

Alt 24.06.2010, 21:28   #7
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Zitat:
Zitat von cosinus Beitrag anzeigen
Virenscanner deaktiviert?!!
den Avira AntiVir Guard habe ich vorher deaktiviert

Alt 24.06.2010, 21:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Hm ok, dann lass es erstmal sein. Die Dateien, auf die ich scharf war, existierten zum zeitpunkt des Fixens eh nicht mehr

Mach bitte nun einen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2010, 22:49   #9
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Also ich weiß auch nicht was jetzt los ist: ich habe alle Anweisungen genau befolgt (ComboFix heruntergeladen, umbenannt, CCleaner, alle Programme aus, cofi.exe gestartet, Warnmeldungen bestätigt), dann als cofi.exe lief hab ich den PC verlassen (um WM zu schauen;-) ), aber als ich wiederkam, hatte der PC anscheinend neugestartet und es erschien dieser screen mit "Windows konnte nicht erfolgreich heruntergefahren werden" (oder so ähnlich, halt dieser wo man entscheiden kann zwischen Abgesichertem Modus und Normal starten usw.), und beim Starten erschien auch keine ComboFix-Textdatei. Da muss ja irgendetwas falsch gelaufen sein, oder?

Alt 25.06.2010, 10:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Probier es bitte nochmal.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.06.2010, 12:50   #11
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Jetzt hat es geklappt...
Code:
ATTFilter
ComboFix 10-06-24.03 - UseR 25.06.2010  16:00:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.1941 [GMT 2:00]
ausgeführt von:: c:\users\UseR\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-25 bis 2010-06-25  ))))))))))))))))))))))))))))))
.

2010-06-25 14:12 . 2010-06-25 14:13	--------	d-----w-	c:\users\UseR\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\MAX~1~USE\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-06-25 14:12 . 2010-06-25 14:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-24 18:53 . 2010-06-24 18:53	--------	d-----w-	C:\_OTL
2010-06-24 14:52 . 2010-06-24 14:52	--------	d-----w-	c:\program files\Zattoo4
2010-06-23 12:14 . 2010-04-14 17:47	293376	----a-w-	c:\windows\system32\psisdecd.dll
2010-06-23 12:14 . 2010-04-14 17:46	428544	----a-w-	c:\windows\system32\EncDec.dll
2010-06-23 12:13 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-23 12:13 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-23 12:13 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-23 12:13 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-23 12:13 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-23 10:27 . 2010-04-16 16:05	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-23 10:27 . 2010-04-16 14:17	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-20 13:57 . 2010-06-20 14:47	--------	d-----w-	c:\program files\trend micro
2010-06-20 13:57 . 2010-06-20 13:58	--------	d-----w-	C:\rsit
2010-06-19 18:26 . 2010-06-19 18:26	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2010-06-19 18:16 . 2010-06-20 14:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-06-19 18:16 . 2010-06-24 18:53	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-06-18 16:34 . 2010-06-18 16:34	--------	d-----w-	c:\users\UseR\AppData\Roaming\Malwarebytes
2010-06-18 16:33 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-18 16:33 . 2010-06-18 16:33	--------	d-----w-	c:\programdata\Malwarebytes
2010-06-18 16:33 . 2010-06-18 16:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-06-18 16:33 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-15 19:33 . 2010-06-15 19:33	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-07 17:49 . 2010-06-07 17:49	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\IrfanView
2010-05-27 10:35 . 2010-05-27 10:34	411368	----a-w-	c:\windows\system32\deployJava1.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 13:51 . 2006-11-02 15:33	618442	----a-w-	c:\windows\system32\perfh007.dat
2010-06-25 13:51 . 2006-11-02 15:33	122648	----a-w-	c:\windows\system32\perfc007.dat
2010-06-25 13:44 . 2008-05-13 16:39	836	----a-w-	c:\windows\bthservsdp.dat
2010-06-25 13:22 . 2009-01-19 19:14	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\ICQ
2010-06-25 11:04 . 2009-01-20 14:52	48825	----a-w-	c:\users\Max.UseR-PC\AppData\Roaming\nvModes.dat
2010-06-24 18:41 . 2009-01-21 13:18	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\Skype
2010-06-24 18:13 . 2009-01-21 13:18	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\skypePM
2010-06-19 18:03 . 2009-03-30 15:57	--------	d-----w-	c:\users\UseR\AppData\Roaming\Skype
2010-06-19 18:02 . 2008-05-17 11:58	--------	d-----w-	c:\users\UseR\AppData\Roaming\ICQ
2010-06-19 16:24 . 2009-03-30 15:58	--------	d-----w-	c:\users\UseR\AppData\Roaming\skypePM
2010-06-18 15:48 . 2008-03-02 00:02	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-18 15:12 . 2008-05-24 14:57	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-17 21:06 . 2010-01-04 11:59	1	----a-w-	c:\users\UseR\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-17 18:36 . 2010-01-13 14:03	1	----a-w-	c:\users\Max.UseR-PC\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 14:43 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-09 13:43 . 2009-01-23 14:20	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\Winamp
2010-06-09 11:59 . 2010-01-23 20:13	--------	d-----w-	c:\program files\ICQ7.0
2010-06-08 14:36 . 2008-05-17 12:27	--------	d-----w-	c:\program files\Winamp
2010-05-28 16:16 . 2008-05-14 19:50	48992	----a-w-	c:\users\UseR\AppData\Roaming\nvModes.dat
2010-05-27 10:36 . 2008-05-23 14:44	--------	d-----w-	c:\program files\Common Files\Java
2010-05-27 10:34 . 2008-05-23 14:44	--------	d-----w-	c:\program files\Java
2010-05-26 16:16 . 2010-06-09 11:30	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-09 11:30	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-25 08:12 . 2010-05-25 08:12	7680	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\talk.dll
2010-05-25 08:12 . 2010-05-25 08:12	7168	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\events.dll
2010-05-25 08:12 . 2010-05-25 08:12	2048	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\toolkit.dll
2010-05-25 08:12 . 2010-05-25 08:12	10240	----a-w-	c:\users\UseR\AppData\Roaming\Trillian\languages\de\buddy.dll
2010-05-23 10:05 . 2010-05-23 10:05	--------	d-----w-	c:\program files\Graffiti Studio 2.0
2010-05-21 12:14 . 2009-10-03 13:39	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-19 14:28 . 2010-05-19 14:28	54101	----a-w-	c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-19 14:28 . 2010-05-19 14:28	56969	----a-w-	c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-19 14:28 . 2009-04-15 14:22	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-05-19 14:26 . 2010-05-19 14:29	754984	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-05-19 14:26 . 2010-05-19 14:29	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-13 11:49 . 2008-05-26 15:42	--------	d-----w-	c:\program files\Google
2010-05-07 14:27 . 2010-05-07 14:27	68256	----a-w-	c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.0.232\German\setup.exe
2010-05-04 18:42 . 2010-06-09 11:30	833024	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-09 11:30	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-09 11:30	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 19:03 . 2009-02-26 19:18	--------	d-----w-	c:\users\Max.UseR-PC\AppData\Roaming\dvdcss
2010-05-01 13:53 . 2010-06-09 11:30	2036224	----a-w-	c:\windows\system32\win32k.sys
2010-04-30 14:56 . 2010-04-24 10:08	--------	d-----w-	c:\users\UseR\AppData\Roaming\gtk-2.0
2010-04-30 14:18 . 2010-04-30 14:18	--------	d-----w-	c:\program files\PhotoScape
2010-04-30 14:17 . 2010-04-30 14:17	--------	d-----w-	c:\users\UseR\AppData\Roaming\IrfanView
2010-04-30 14:17 . 2010-04-30 14:17	--------	d-----w-	c:\program files\IrfanView
2010-04-24 17:26 . 2008-06-01 14:31	77544	----a-w-	c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-23 13:55 . 2010-05-26 08:32	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-23 09:22 . 2008-05-23 15:41	680	----a-w-	c:\users\UseR\AppData\Local\d3d9caps.dat
2010-04-16 16:10 . 2010-06-09 11:30	1314816	----a-w-	c:\windows\system32\quartz.dll
2010-04-16 16:05 . 2010-06-23 10:27	459776	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:05 . 2010-06-23 10:27	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:05 . 2010-06-23 10:27	2153984	----a-w-	c:\windows\AppPatch\AcGenral.dll
2010-04-16 16:05 . 2010-06-23 10:27	541696	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-05 16:07 . 2010-06-09 11:30	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-03-31 01:58 . 2008-05-17 12:27	133616	------w-	c:\windows\system32\pxafs.dll
.

------- Sigcheck -------

[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[-] 2008-07-08 . 534B3525C497688ABE3C7FFE7D7DC5ED . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-02-03 21:14	39472	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-03 523312]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-02-06 589824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-04-30 3642368]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-02-13 805384]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-04 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-04 8534560]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-04-30 16:14	3024384	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^UseR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Miranda IM.lnk]
path=c:\users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Miranda IM.lnk
backup=c:\windows\pss\Miranda IM.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46	1135912	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware  (reboot)]
2010-04-29 13:39	1090952	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58	495616	----a-w-	c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-05 717296]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-02-22 80784]
R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\DRIVERS\wip0204.sys [2008-12-30 23480]
R3 zlportio;zlportio;c:\users\UseR\Saved Games\UltraStar Deluxe\zlportio.sys [x]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-04-30 43184]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-01-29 41456]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-02-14 24576]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-02-15 595248]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-02-15 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:49]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 11:49]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{4CB0668D-0C3B-4AA0-9AF4-ADEA5698541B}.job
- c:\windows\system32\msfeedssync.exe [2008-06-17 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.intl.acer.yahoo.com
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\UseR\AppData\Roaming\Mozilla\Firefox\Profiles\xhlvsqb8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.kleeblatt-forum.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\users\UseR\AppData\Roaming\Mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\users\UseR\AppData\Roaming\Mozilla\Firefox\Profiles\xhlvsqb8.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.zencast - c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-BitTorrent DNA - c:\users\UseR\Program Files\DNA\btdna.exe
AddRemove-Winamp Detect - g:\winamp detect\UninstWaDetect.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-25 16:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1052262869-3660729671-1865004345-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:63,5a,75,f1,98,7d,2a,ed,74,0d,79,65,d3,41,00,78,5f,5e,ea,1c,6c,0a,17,
   76,ec,0f,83,eb,18,66,c0,5b,ec,d5,5c,45,1f,75,27,03,7e,36,07,8a,a5,46,fb,73,\
"??"=hex:5f,7b,9c,cd,ad,23,34,98,d3,59,d4,2c,fe,6c,26,db

[HKEY_USERS\S-1-5-21-1052262869-3660729671-1865004345-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,43,53,d7,2d,4e,9d,ba,6a,98,3a,21,79,9e,01,89,db,9b,48,d5,7c,
   fb,85,be,c1,24,e2,4c,83,46,53,98,e0,1b,72,c6,0e,83,3c,27,2c,3d,f9,53,32,bb,\
"rkeysecu"=hex:89,02,16,cf,72,14,c1,72,e5,e7,04,b1,4a,95,a4,15

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1768)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2010-06-25  16:20:10
ComboFix-quarantined-files.txt  2010-06-25 14:19

Vor Suchlauf: 14 Verzeichnis(se), 10.198.544.384 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.141.466.624 Bytes frei

- - End Of File - - 9D2C5025A762957BD2A701B85C04725C
         

Alt 26.06.2010, 13:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Dann probier jetzt mal Logs mit GMER und OSAM zu erstellen. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Geändert von cosinus (26.06.2010 um 13:31 Uhr)

Alt 26.06.2010, 14:51   #13
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-26 14:21:46
Windows 6.0.6001 Service Pack 1
Running: 8lnbnbjx.exe; Driver: C:\Users\UseR\AppData\Local\Temp\kgtdapob.sys


---- System - GMER 1.0.15 ----

SSDT            9FBB9284                                                                                                             ZwCreateThread
SSDT            9FBB9270                                                                                                             ZwOpenProcess
SSDT            9FBB9275                                                                                                             ZwOpenThread
SSDT            9FBB927F                                                                                                             ZwTerminateProcess

INT 0x52        ?                                                                                                                    88408F00
INT 0x62        ?                                                                                                                    85759BF8
INT 0x72        ?                                                                                                                    85759BF8
INT 0x82        ?                                                                                                                    8575DBF8
INT 0x92        ?                                                                                                                    88408F00
INT 0xA3        ?                                                                                                                    88408F00
INT 0xB2        ?                                                                                                                    88408F00

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                      82EECB18 4 Bytes  [84, 92, BB, 9F]
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                      82EECCE8 4 Bytes  [70, 92, BB, 9F]
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                      82EECD04 4 Bytes  [75, 92, BB, 9F]
.text           ntkrnlpa.exe!KeSetTimerEx + 854                                                                                      82EECF18 4 Bytes  [7F, 92, BB, 9F]
?               System32\Drivers\spoh.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                             section is writeable [0x8F607340, 0x3A08F7, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                900F146F 5 Bytes  JMP 884084E0
.text           ak3pesrb.SYS                                                                                                         9055D004 11 Bytes  [88, 87, 7A, 48, 00, 00, 00, ...]
.text           ak3pesrb.SYS                                                                                                         9055D010 1 Byte  [25]
.text           ak3pesrb.SYS                                                                                                         9055D010 6 Bytes  [25, 00, 00, 00, 20, 18]
.text           ak3pesrb.SYS                                                                                                         9055D017 3 Bytes  [00, 20, 0E] {ADD [EAX], AH; PUSH CS}
.text           ak3pesrb.SYS                                                                                                         9055D01C 69 Bytes  [00, 00, 00, 00, 00, 00, 01, ...]
.text           ...                                                                                                                  
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                entry point in "" section [0xA3A25000]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                unknown last section [0xA3A26000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[1928] SHELL32.dll!InitNetworkAddressControl + 2939                                           765C0064 4 Bytes  [F0, 1F, 00, 10]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [806996D2] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [80699040] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [806997FC] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [806990BE] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8069913C] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [806A9048] \SystemRoot\System32\Drivers\spoh.sys
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortNotification]                                           488D3675
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortWritePortUchar]                                         F0F28B40
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortWritePortUlong]                                         3331C10F
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     8480C7C9
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          DE000000
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   899055EF
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReadPortUchar]                                          00008880
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortStallExecution]                                         8C888900
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetParentBusType]                                       89000000
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortRequestCallback]                                        00009088
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  7CC08300
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   89515052
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortCompleteRequest]                                        10A6E808
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortMoveMemory]                                             06EB0002
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              FE3AE850
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 5D5EFFFF
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   CC0004C2
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReadPortUshort]                                         51EC8B55
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   00FC6583
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortInitialize]                                             20BB5653
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          5790583F
IAT             \SystemRoot\System32\Drivers\ak3pesrb.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      583FB0BE

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [73EE88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [73F298A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [73EEB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [73EDFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [73EE7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [73EDEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [73F1B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [73EEBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [73EE074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [73EE06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [73ED71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [73F6D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [73F07379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [73EDE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [73ED697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [73ED69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [73EE2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                          [10002300] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]              [10001B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                        [10002690] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT             C:\Windows\Explorer.EXE[1928] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                          [10001290] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               857601F8
Device          \Driver\BTHUSB \Device\0000008f                                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\netbt \Device\NetBT_Tcpip_{DC6C1383-482A-4263-A545-D05548BD62E1}                                             93E22500

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                 8575B1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     884321F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                     884331F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                     884321F8
Device          \Driver\PCI_PNP4216 \Device\00000062                                                                                 spoh.sys
Device          \Driver\usbehci \Device\USBPDO-6                                                                                     884331F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                               8575B1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                               8575B1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                         884C81F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                               8575B1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          8575E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                   [80CFA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   8575E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   8575E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                        [80CFA580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                         884C81F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                               8575B1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              93E22500
Device          \Driver\BTHUSB \Device\00000091                                                                                      bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\Smb \Device\NetbiosSmb                                                                                       939901F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{62D63F80-07DE-42D6-88C3-EF7713BD9AB9}                                             93E22500
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                   88512350
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     884321F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                     884331F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                     884321F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                     884321F8
Device          \Driver\sptd \Device\3759958230                                                                                      spoh.sys
Device          \Driver\usbehci \Device\USBFDO-6                                                                                     884331F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{9F4CB8F4-2B33-4E61-99FE-E3D789B06B17}                                             93E22500
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1Port4Path0Target0Lun0                                                         88507408
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1Port4Path0Target0Lun0                                                         sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1                                                                              88507408
Device          \Driver\ak3pesrb \Device\Scsi\ak3pesrb1                                                                              sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \FileSystem\cdfs \Cdfs                                                                                               85FE21F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd61bea                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x1F 0xBB 0x3F 0xDA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xCB 0xB8 0xE6 0x81 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xDD 0x56 0x97 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd61bea (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x1F 0xBB 0x3F 0xDA ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xCB 0xB8 0xE6 0x81 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xDD 0x56 0x97 0xC2 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

[/CODE]

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:48:41 on 26.06.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.4

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IconPackager" - ? - C:\Program Files\Stardock\Object Desktop\IconPackager\ipcpl.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF File System mini-filter" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\Drivers\AlfaFF.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"ay3itgn9" (ay3itgn9) - "Microsoft Corporation" - C:\Windows\system32\drivers\ay3itgn9.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\Users\UseR\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"msahci" (msahci) - "Microsoft Corporation" - C:\Windows\System32\drivers\msahci.sys
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\Windows\System32\drivers\sfvfs02.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"Wippien Network Adapter 2.4" (wip0204) - "Wippien Software" - C:\Windows\System32\DRIVERS\wip0204.sys
"zlportio" (zlportio) - ? - C:\Users\UseR\Saved Games\UltraStar Deluxe\zlportio.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{41E300E0-78B6-11ce-849B-444553540000} "Display Effects CPL Extension" - "Microsoft Corporation" - C:\Windows\system32\themeui.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\FPLaunchCache.dll
{2CF9036B-F720-425F-918C-03A336A65FC4} "IconPackager Context Menu" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{1799460C-0BC8-4865-B9DF-4A36CD703FF0} "IconPackager Repair" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.6.0_06" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
"Quick-Launching Area" - ? - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
{D0943516-5076-4020-A3B5-AEFAF26AB263} "Veoh Browser Plug-in" - "Veoh Networks Inc" - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\UseR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ZPdtWzdVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\shsvcs.dll,-12288" (ShellHWDetection) - "Microsoft Corporation" - C:\Windows\System32\shsvcs.dll
"@%SystemRoot%\System32\shsvcs.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\shsvcs.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe
"Winstep Xtreme Service" (Winstep Xtreme Service) - "Winstep Software Technologies" - C:\Program Files\Winstep\WsxService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AWinNotifyVitaKey MC3000" - "Arachnoid Biometrics Identification Group Corp." - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 26.06.2010, 15:03   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.06.2010, 01:38   #15
sebbual
 
wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Standard

wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4243

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.06.2010 18:09:33
mbam-log-2010-06-26 (18-09-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 355090
Laufzeit: 2 Stunde(n), 58 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Antwort

Themen zu wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig
.dll, appdata, ccleaner, dateien, explorer, firewall, gen, handle, icq, internet, internet explorer, local\temp, malware, microsoft, panik, rsit, selbständig, software, suche, temp, trojan.agent, trojan.fakealert, version, windows firewall, öffnet



Ähnliche Themen: wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig


  1. Windows7: Malware eingefangen von infiziertem XP-Rechner über Fritzbox?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2015 (32)
  2. webpageclick.net öffnet sich selbständig in Chrome OS
    Alles rund um Mac OSX & Linux - 05.01.2015 (4)
  3. BrowseSmart eingefangen, Anti Malware hat über 1000 Infizierungen gefunden
    Log-Analyse und Auswertung - 07.09.2014 (3)
  4. Tab öffnet sich selbständig immer wieder
    Log-Analyse und Auswertung - 16.08.2014 (15)
  5. Unbekannte Webseite öffnet sich selbständig in regelmäßigen Abständen
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (2)
  6. Firefox-Tab mit Sponsorship öffnet sich selbständig
    Log-Analyse und Auswertung - 04.08.2013 (11)
  7. laufwerk öffnet sich selbständig - virus / trojaner?
    Log-Analyse und Auswertung - 15.07.2013 (7)
  8. BKA-Trojaner öffnet sich über Internet-Explorer
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (3)
  9. Browser öffnet sich selbständig
    Log-Analyse und Auswertung - 31.07.2011 (20)
  10. Outlook, Word und Firefox schliessen sich selbständig!Eventuell ein Virus eingefangen?
    Log-Analyse und Auswertung - 08.03.2011 (19)
  11. Internet Explorer macht sich selbständig und öffnet Werbefenster
    Log-Analyse und Auswertung - 16.07.2010 (7)
  12. Malware über ICQ eingefangen, Firefox öffnet selbstständig Werbeanzeigen und anderes
    Log-Analyse und Auswertung - 20.06.2010 (24)
  13. Trojaner gehabt - System jetzt sauber? IE öffnet sich selbständig...
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (24)
  14. Werbung über IE öffnet sich andauernd
    Log-Analyse und Auswertung - 19.03.2010 (1)
  15. Internet Explorer öffnet sich selbständig mit Werbung
    Log-Analyse und Auswertung - 18.01.2010 (3)
  16. Internet Explorer öffnet sich ständig selbständig
    Log-Analyse und Auswertung - 25.09.2007 (13)
  17. Internet Explorer öffnet sich selbständig
    Log-Analyse und Auswertung - 22.04.2006 (3)

Zum Thema wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig - Hi, das ist mein erster Post hier, und zwar aus dem Grund, dass ich mir vor zwei Tagen höchstwahrscheinlich Malware über ICQ eingefangen habe. Seitdem öffnet sich sehr häufig der - wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig...
Archiv
Du betrachtest: wahrsch. Malware über ICQ eingefangen, IE öffnet sich jetzt selbständig auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.