
Pests of all kinds and how to fight them: Security Tool - am I rid of it?

21.07.2010, 12:40   #1
muhkuh
 



Greetings, beloved TB!

Some info up front:
Windows Vista Home Premium 32-bit
Opera 10.60
3 user accounts:
1x Admin - used only for Windows Updates etc.
1x Private - restricted and without admin rights, used most often.
1x Office - restricted and without admin rights

Yesterday, in my Private user account, I picked up Security Tool by clicking on a Google search result. Who would have thought that searching for tips on keeping a household budget book could be so dangerous

A PDF with a .tmp extension then opened and PLING, "Security Tool has been installed". Then it all happened at once, everything was flashing and who knows what else.

In a panic I first switched the PC off, booted it up again, and in my Private account I could no longer change anything. No Task Manager, no mbam, nothing. So off to the Office profile, where everything still worked fine.

I then updated Malwarebytes, ran a full scan and deleted the findings. Restarted, back into the Office profile, updated Antivir and ran a full scan, restarted again and ran Malwarebytes in the Office profile again, but this time with "run as admin". Deleted further findings and restarted again. Then I went into my Private profile (finally dared to ^^) and ran another Malwarebytes full scan under the Private account. Removed the findings.

After that I updated and ran CCleaner in every account, removed everything, cleaned the registry, and ran it once more "to be safe".

In short: Malwarebytes found and removed everything under every user, CCleaner removed the leftovers, but I feel uneasy.

My PC runs flawlessly again, my hosts file was not affected, and so far everything is "actually" fine.

One more thing comes to mind: I had not run Windows Update for about 2 weeks, because somehow I didn't think of switching to the admin account during that time; I'll catch up on that right away!

Is there perhaps another scanner I can run over it? HijackThis had found the entries so far, and after Malwarebytes' work HijackThis was "clean" too.

Sorry for the novel, I'm still worried, even though Antivir, Malwarebytes and CCleaner no longer find anything...

22.07.2010, 16:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks like the restricted rights saved you from worse, because then you have no write permissions in system areas and neither write nor read permissions in other users' profile folders!
Please post all Malwarebytes logs.

22.07.2010, 19:20   #3
muhkuh
 



Yes, I think so too *phew* ^^

Log1
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4332

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

20.07.2010 23:40:25
mbam-log-2010-07-20 (23-40-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 287415
Laufzeit: 59 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Log2
I was surprised by this one, since Rainmeter isn't actually harmful; I removed it anyway (the skin, that is)
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4332

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

20.07.2010 22:31:52
mbam-log-2010-07-20 (22-31-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 287573
Laufzeit: 59 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Ivory\Documents\Rainmeter\Skins\Enigma\ConfigureEnigma.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\SaS\Documents\Rainmeter\Skins\Enigma\ConfigureEnigma.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_lt-lt_bf12ba06fdc0c65b_msimsg.dll.mui_72e8994f (Trojan.Dropper) -> Quarantined and deleted successfully.
         
and here was the "worst" log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4332

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

20.07.2010 21:14:13
mbam-log-2010-07-20 (21-14-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152464
Laufzeit: 7 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\49493130 (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\$Recycle.Bin\S-1-5-21-59915249-1296444255-759154618-1000\$RGNX5DI.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\ProgramData\49493130\49493130.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Ivory\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Ivory\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Ivory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Ivory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\srvklw32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
I'm not sure right now whether I have the order right, but the time should be in the log.

Doesn't CCleaner produce logs? Otherwise I would have posted that too, but I found nothing.

Thanks :*

edit: hm, the worst log is only a quick scan... where do I have the full scan? I'll go look..

edit: there was one more in the Office profile:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4324

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

20.07.2010 20:48:12
mbam-log-2010-07-20 (20-48-12).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 290933
Time elapsed: 1 hour(s), 56 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\49493130 (Rogue.Multiple) -> Delete on reboot.

Files Infected:
C:\ProgramData\49493130\49493130.exe (Rogue.Multiple) -> Delete on reboot.
         
umpteenth edit:
The first log is the "newest" one under the "infected" profile, as a full scan, and apparently clean <3

Last edited by muhkuh (22.07.2010 at 19:28)

22.07.2010, 20:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
C:\ProgramData\49493130\49493130.exe
Do you know that thing? With restricted rights it actually shouldn't be able to spread itself there. Either it got in later or it has been sitting there for a while.

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

22.07.2010, 21:30   #5
muhkuh
 



No, that string of digits means nothing to me. However, while googling I had found the thread on Security Tool; there was a section there with "the following files belong to Security Tool" or something like that, and it listed lots of files of this kind (i.e. numbered folders with numbered files inside). Here:

Quote:
Files of SecurityTool / Security Tool:
Code:
%UserProfile%\Application Data\4946550101
%UserProfile%\Application Data\4946550101\4946550101.bat
%UserProfile%\Application Data\4946550101\4946550101.cfg
%UserProfile%\Application Data\4946550101\4946550101.exe
%UserProfile%\Desktop\Security Tool.lnk
%UserProfile%\Start Menu\Programs\Security Tool.lnk
         
from your forum's FAQ section (guides etc.).

In short: no, that thing means nothing to me.

here is the OTL stuff with *** as the profile name (if that's OK)

OTL.txt:
[code]
OTL Logfile:
Code:
OTL logfile created on: 22.07.2010 21:16:24 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ivory\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,94 Gb Free Space | 25,54% Space Free | Partition Type: NTFS
Drive D: | 352,64 Gb Total Space | 245,20 Gb Free Space | 69,53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,45 Gb Total Space | 0,69 Gb Free Space | 9,32% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RIDGEBACK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\**Privatprofil**\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\**Privatprofil**\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - D:\Progz\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Progz\Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Users\**BüroProfil**\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - D:\Progz\Rainlendar\Rainlendar2\Rainlendar2.exe ()
PRC - D:\Progz\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - D:\Progz\RocketDock\RocketDock.exe ()
PRC - D:\Progz\Lotus\org6\organize\EasyClip6.exe (Lotus Development Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\**Privatprofil**\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3725.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egistec)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (mbmiodrvr) -- C:\Windows\System32\mbmiodrvr.sys (cansoft@livewiredev.com)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (PMEM) -- C:\Windows\System32\drivers\PMEMNT.SYS (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0409&m=aspire_5935
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Progz\Firefox\components [2010.06.30 16:39:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Progz\Firefox\plugins [2010.07.03 14:56:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: D:\Progz\Thunderbird\components [2010.05.21 20:06:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: D:\Progz\Thunderbird\plugins [2010.07.03 14:56:29 | 000,000,000 | ---D | M]
 
[2010.04.10 10:22:55 | 000,000,000 | ---D | M] -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Extensions
[2010.06.19 17:56:40 | 000,000,000 | ---D | M] -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions
[2010.04.10 10:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2010.06.19 17:58:17 | 000,000,000 | ---D | M] (FBFan) -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010.04.10 10:22:58 | 000,000,000 | ---D | M] -- C:\Users\**Adminprofil**\AppData\Roaming\mozilla\Firefox\Profiles\yerqz0l7.default\extensions\staged-xpis
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Progz\Lotus\org6\organize\iehelper.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] D:\Progz\Malwarebytes\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [Rainlendar2] D:\Progz\Rainlendar\Rainlendar2\Rainlendar2.exe ()
O4 - HKLM..\RunOnce: [BrowserBallot] C:\Windows\System32\browserchoice.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Progz\Malwarebytes\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Web Entry - {B4E30F61-16D9-11D3-85D1-005004229569} - D:\Progz\Lotus\org6\organize\bandobjs.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\Caylee\AppData\LocalLow\Microñoft\redir.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- File not found
O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell - "" = AutoRun
O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell - "" = AutoRun
O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell - "" = AutoRun
O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.21 15:25:19 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.07.21 15:25:19 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.07.21 15:25:19 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.07.21 15:22:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.07.21 15:22:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.07.20 17:02:33 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010.07.20 17:02:33 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010.07.18 22:34:21 | 000,000,000 | ---D | C] -- C:\Users\**Adminprofil**\AppData\Local\JollyBear
[2010.07.18 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
[2010.07.14 14:47:01 | 000,000,000 | ---D | C] -- C:\Windows\My Kingdom for the Princess
[2010.07.08 19:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.08 18:35:57 | 000,000,000 | ---D | C] -- C:\Users\**Adminprofil**\AppData\Local\SCE
[2010.07.06 17:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010.07.06 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\**Adminprofil**\AppData\Local\Last.fm
[2009.03.20 17:49:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.22 21:16:04 | 001,835,008 | -HS- | M] () -- C:\Users\**Adminprofil**\NTUSER.DAT
[2010.07.22 20:37:13 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.22 20:37:13 | 000,097,391 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.22 20:30:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.22 20:30:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.22 19:15:06 | 000,524,288 | -HS- | M] () -- C:\Users\**Adminprofil**\NTUSER.DAT{2932b98a-76c0-11df-8ceb-00235a84f537}.TMContainer00000000000000000001.regtrans-ms
[2010.07.22 19:15:06 | 000,065,536 | -HS- | M] () -- C:\Users\**Adminprofil**\NTUSER.DAT{2932b98a-76c0-11df-8ceb-00235a84f537}.TM.blf
[2010.07.22 15:09:28 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.22 15:09:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.22 15:09:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.22 15:09:28 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.22 15:09:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.22 12:30:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.22 12:30:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.21 23:16:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.20 17:02:33 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\wpcap.dll
[2010.07.20 17:02:33 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\System32\Packet.dll
[2010.07.18 22:25:14 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2010.07.15 18:13:44 | 000,001,427 | ---- | M] () -- C:\Users\Public\Desktop\MyMicroBalance.lnk
[2010.07.14 14:47:12 | 000,000,944 | ---- | M] () -- C:\Users\**Adminprofil**\Desktop\My Kingdom for the Princess.lnk
[2010.07.08 19:14:13 | 000,000,861 | ---- | M] () -- C:\Windows\wininit.ini
[2010.07.08 18:39:06 | 000,000,812 | ---- | M] () -- C:\Users\**Adminprofil**\Desktop\EverQuest II (EU Deutsch).lnk
[2010.07.06 17:23:18 | 000,000,537 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010.07.06 17:01:58 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.03 14:56:30 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
 
========== Files Created - No Company Name ==========
 
[2010.07.18 22:25:14 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.07.15 18:13:44 | 000,001,427 | ---- | C] () -- C:\Users\Public\Desktop\MyMicroBalance.lnk
[2010.07.14 14:47:12 | 000,000,944 | ---- | C] () -- C:\Users\**Adminprofil**\Desktop\My Kingdom for the Princess.lnk
[2010.07.08 18:39:06 | 000,000,812 | ---- | C] () -- C:\Users\**Adminprofil**\Desktop\EverQuest II (EU Deutsch).lnk
[2010.07.06 17:23:18 | 000,000,537 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010.07.03 14:56:30 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.02.11 09:58:56 | 000,004,096 | ---- | C] () -- C:\Windows\System32\detoured.dll
[2009.11.30 17:13:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.11.27 18:33:02 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.11.23 17:21:01 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.09.04 19:05:27 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.03 16:31:09 | 000,000,076 | ---- | C] () -- C:\Windows\ricdb.ini
[2009.09.03 16:31:08 | 000,000,027 | ---- | C] () -- C:\Windows\System32\RPCS.ini
[2009.08.31 15:20:11 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.31 15:20:11 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.30 16:20:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.29 14:55:35 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009.08.29 14:55:35 | 000,011,568 | ---- | C] () -- C:\Windows\System32\drivers\UimFIO.sys
[2009.08.29 01:36:45 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.29 01:35:42 | 000,000,861 | ---- | C] () -- C:\Windows\wininit.ini
[2009.04.19 01:01:10 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.19 01:01:10 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.10.28 12:32:40 | 000,950,272 | ---- | C] () -- C:\Windows\System32\MPEG4Evfw.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.01.13 13:52:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\LOTRN13.DLL
 
========== Files - Unicode (All) ==========
[2010.01.17 02:58:15 | 003,932,214 | ---- | M] ()(C:\Users\**Adminprofil**\Desktop\b?????m.bmp) -- C:\Users\**Adminprofil**\Desktop\b�����m.bmp
[2010.01.17 02:57:32 | 003,932,214 | ---- | C] ()(C:\Users\**Adminprofil**\Desktop\b?????m.bmp) -- C:\Users\**Adminprofil**\Desktop\b�����m.bmp
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F1535D7B
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:41C283B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:ABD3B354
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DF695222
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4220A65C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F878F14A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D88D995C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FF818E2B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:66633281
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1AF93AF4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:61E5F0F7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:557AD709
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A78FEBF9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0888F409
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3BD11093
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:C8182692
< End of report >
         
--- --- ---


Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 22.07.2010 21:16:24 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\**Privatprofil**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 24,94 Gb Free Space | 25,54% Space Free | Partition Type: NTFS
Drive D: | 352,64 Gb Total Space | 245,20 Gb Free Space | 69,53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,45 Gb Total Space | 0,69 Gb Free Space | 9,32% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RIDGEBACK
Current User Name: **Adminprofil**
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- D:\Progz\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Progz\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Progz\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD455E0-337D-4D45-939F-142F1C71DB62}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{11CE8972-1D2B-4F97-8720-6DC9E408E04C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{22A003D4-5543-43BA-99BF-7438C4DBF4A1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2488069E-24E3-4FE7-B486-B862BFB02D3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49707AA1-99C7-4177-AB74-8BC8106CE07A}" = lport=49184 | protocol=6 | dir=in | name=akamai netsession interface | 
"{51A16504-3CC7-4C8C-AD38-D18AB6A55164}" = lport=137 | protocol=17 | dir=in | app=system | 
"{52FFBD2D-1F28-4A4A-A36E-84E69F6E2763}" = lport=445 | protocol=6 | dir=in | app=system | 
"{533B6117-E9E5-46FA-896F-5D3A7A7D841F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{533D1097-892A-4EF7-8953-EFC594E2DCF9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7EC4473F-32D0-4839-905E-249C767EE63D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F175D0C-3550-407B-A492-694413648025}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8249BD3A-A965-4258-B2C4-6EEC9938311C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{85D2347E-31AE-49AB-BB86-5440D79E18BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{90478739-90FC-4B8D-B209-91A859162035}" = lport=139 | protocol=6 | dir=in | app=system | 
"{913E3535-0411-4B31-BC3F-2CF1AF87EA46}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{925AE79B-728C-400C-9009-9C0471876001}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A4BE89C9-1BCF-4268-9FAD-8EC5CF606B45}" = lport=6112 | protocol=6 | dir=in | name=wciii | 
"{A8A81598-F8BB-4209-B2F5-C09E0F80D20A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8E5D029-CD14-43F1-9663-3D1CAD4ED9B5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EE8FDBEC-90C6-4E9E-ABC7-403B806F30D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F252CA5D-54B7-4C94-9B6E-6019ABD6089B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F38A6702-B396-4427-AB62-F1985F14A3A9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02194400-F3E0-4C36-841A-2660D00A8AF6}" = protocol=17 | dir=in | app=d:\progz\steam\steam.exe | 
"{08A46C4E-9142-461E-AAAE-503C437D02D0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{0989EB26-391E-40C7-8950-ACD5402D1DAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0BF2E4B1-BE44-437E-BEBC-19B245AC631F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{1EBCBEB7-4A11-4FF3-96BB-76E67E67DCA9}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{225570C6-CEE9-4BF8-843F-7B4724981A30}" = dir=in | app=c:\progz\skype\phone\skype.exe | 
"{320D5787-4CB7-49E8-B95C-627EFF348319}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{34040298-BA41-41E8-BA2F-A5D4D8B77746}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{341CE715-8562-4444-A532-C833BE97E38B}" = protocol=17 | dir=in | app=d:\progz\tv browser\tvbrowser.exe | 
"{34852032-14C4-47E0-9F3E-8BACEAE7C6A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{38712A7D-F185-49E2-8834-C7A8D522CDA6}" = protocol=17 | dir=in | app=d:\multimedia\games\fear\fearmp.exe | 
"{409A93C8-9E3D-4DC6-A0A8-F51D5B4C0FF2}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{44FE2F65-DFCE-4D46-B8DD-83C7EE00F43A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{56D4C125-5C0C-4B57-8718-B476E4401B18}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{5F43E633-3D3B-41EA-BD0F-48F07DC849BC}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{616559CD-C4C7-473E-9510-02134A4DE29C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{748E4184-ED9D-4AD3-8912-D60E17490BFA}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{758126FD-0EB1-4407-9050-6D9C93E8F8CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{772730D7-0A07-4076-AFB9-1FF7E198FCB0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{7A6294EE-86FF-4979-A7E0-281072B34A8F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{89FD6FFB-5A9D-4975-805B-B83028920B19}" = protocol=17 | dir=in | app=d:\progz\\utorrent.exe | 
"{92EE23A0-DCE6-4F8D-B347-7F4D8DBD04B2}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"{93055E12-CE00-44E4-85B7-471A9B0BE4A6}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{94587594-8C01-4701-9D92-ECD39BA5A89B}" = protocol=6 | dir=in | app=d:\progz\\utorrent.exe | 
"{97F99D4B-F6C9-4CCE-9B08-4ED4671840AE}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{9841299A-8327-4D9F-A6C0-3AE8F20514B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A506BD13-C6C0-49B6-A6D5-1F9D6CD64FF5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A7916262-14AA-4464-9299-75A517176725}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{ADB84518-1A6B-4D93-8DFA-43C9817CB5E3}" = protocol=17 | dir=in | app=d:\multimedia\games\fear\fear.exe | 
"{B21D810E-EAE0-4848-81D2-1800A9171514}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{B3141721-B6E3-4E1F-A9E3-70E97B4D5F5A}" = protocol=6 | dir=in | app=d:\multimedia\games\fear\fear.exe | 
"{B5B122D3-EF03-4F6B-83B4-797DEF126AC5}" = protocol=6 | dir=in | app=d:\progz\tv browser\tvbrowser_nodd.exe | 
"{B8A216DD-F6A4-47B9-83C9-6125B3D9F82E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BA1D9CD4-9C48-47B7-BC60-AF88EE4A44EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BB576EB0-ABE4-4DA2-B6F1-C8412FB200DC}" = protocol=6 | dir=in | app=d:\progz\steam\steam.exe | 
"{BF37A1DC-16CB-4FC0-B3D2-B46B643DFFC7}" = protocol=6 | dir=in | app=d:\multimedia\games\fear\fearmp.exe | 
"{C0197ED1-CCD8-447B-802A-9F1CA1D77A48}" = protocol=6 | dir=in | app=d:\progz\tv browser\tvbrowser.exe | 
"{C02D2132-E996-4210-85D6-91C784884649}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{C0AA46EF-01C1-4677-8107-F6836C54955F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CDA18427-B918-4D53-A1CC-64861EBBFD21}" = protocol=17 | dir=in | app=d:\progz\tv browser\tvbrowser_nodd.exe | 
"{D0108A08-DFE8-418A-BF74-329E8C4DCDD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D19F6D26-F492-4812-9624-FAB213D77D17}" = protocol=6 | dir=in | app=d:\progz\steam\steam.exe | 
"{D279FADB-D888-4450-9D10-9DC6EF0A3480}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{D3D4EF29-25AF-4FBF-BD3B-F0F91F27C145}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DB2C0999-411C-4E12-97B3-EC9D2AB95251}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{E2711249-6DE0-424A-A6DD-2D53017B89B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EACEF86D-5373-4B8F-B482-2DA355B881BA}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{ECCC7597-CA7C-46A9-9D8F-F99C3DABD01C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{FEA20D4A-F2A5-4FDC-92EA-A0D3EEC0B4A2}" = protocol=17 | dir=in | app=d:\progz\steam\steam.exe | 
"TCP Query User{11C8B6F5-2273-4B51-A6E4-D1F353D7A1F0}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{2981F040-FA22-4FD4-8403-54F9A3C8DC89}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{36D04550-4583-4B31-954A-10CBE04263C1}C:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe | 
"TCP Query User{379C8C30-B478-4555-8FE5-17EB142DB1B5}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{45141CE4-844B-47FB-B6A8-C068638CA89C}D:\progz\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\progz\skype\phone\skype.exe | 
"TCP Query User{4B9C30AE-F88B-4935-A8E2-F0982FCFAE05}D:\progz\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\progz\trillian\trillian.exe | 
"TCP Query User{585CE905-0841-490A-93B1-607FF6C2271B}D:\downloads\wow-language-pack-engb-downloader.exe" = protocol=6 | dir=in | app=d:\downloads\wow-language-pack-engb-downloader.exe | 
"TCP Query User{62C0052B-D3C9-4337-9D66-FDDCF8F377F1}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{7B1A3811-C501-4209-93E5-DFA91BDA1DA8}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe | 
"TCP Query User{80A0F038-BBEC-414A-BD4E-627A12103CFB}D:\progz\opera\opera.exe" = protocol=6 | dir=in | app=d:\progz\opera\opera.exe | 
"TCP Query User{81913B3F-8D9C-49A8-8B84-E72467D371A8}D:\multimedia\games\medal of honor\mohaa.exe" = protocol=6 | dir=in | app=d:\multimedia\games\medal of honor\mohaa.exe | 
"TCP Query User{84921E5F-A62D-4870-8B71-08AB60010ACA}C:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{860F55ED-4D21-43D8-9337-531483719742}D:\progz\opera\opera.exe" = protocol=6 | dir=in | app=d:\progz\opera\opera.exe | 
"TCP Query User{8804AEEA-132A-450E-B010-9F158A404B4C}D:\progz\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\progz\trillian\trillian.exe | 
"TCP Query User{8BCF167C-E892-44AF-A89A-28F2E897F4D2}D:\progz\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\progz\soulseek\slsk.exe | 
"TCP Query User{B860B465-951E-4535-B309-633A8BA6EAEF}C:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe | 
"TCP Query User{C3D2D242-9374-4DFF-9A90-8E21F3A62BA8}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe | 
"TCP Query User{C61E4E15-0FD5-4BF7-97A2-B07DC00441EA}D:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe | 
"TCP Query User{C80F556D-72DA-4681-ACFA-144E8A17F184}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{CD71176A-3FE5-460E-90CF-CD7EB562C07C}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"TCP Query User{D943DDFF-6633-4A60-BA72-0A651E1F1B70}D:\multimedia\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe | 
"TCP Query User{E66DB5AD-B15C-418C-9C1A-8EB2BF04E73B}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
"TCP Query User{F3846BD6-EDC4-4032-8051-18F2D93615C1}D:\progz\skype\phone\skype.exe" = protocol=6 | dir=in | app=d:\progz\skype\phone\skype.exe | 
"TCP Query User{F3A982EA-8AF2-422A-9C07-77EFFE9B6EE9}D:\progz\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\progz\soulseek\slsk.exe | 
"TCP Query User{F9A70970-DE5E-4300-8C7E-CCE02C2972BD}D:\multimedia\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe | 
"TCP Query User{FA313693-53EF-4B0F-9137-3220F77001BF}D:\progz\utorrent.exe" = protocol=6 | dir=in | app=d:\progz\utorrent.exe | 
"UDP Query User{05788829-8669-4BFC-80A1-B412A90E6C99}D:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\multimedia\games\towerdefensedungeon\binaries\win32\udk.exe | 
"UDP Query User{07B03877-E016-4ACA-AF2C-73EB64AF23BB}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{07D5686C-7F2F-48BD-ACA7-78D02FF17A91}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{09D090C8-499A-404E-87AE-FF3A42F4FABE}D:\progz\utorrent.exe" = protocol=17 | dir=in | app=d:\progz\utorrent.exe | 
"UDP Query User{0D548AFF-AE31-4562-81E8-0D83BD4F909E}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{31D5F2B4-6D9D-49E9-9447-0CB6760F86DA}D:\progz\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\progz\trillian\trillian.exe | 
"UDP Query User{3DE314B7-E1C2-475A-B0F2-E5D98ECAC61F}D:\multimedia\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe | 
"UDP Query User{54BEDA87-7C07-4DAB-A6B9-D2738803DA9B}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{5739C7B3-05FE-4AFB-8D84-F9AA53AE49C0}C:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\launcher.exe | 
"UDP Query User{574A4D94-09D0-49BF-8994-1490F720D097}D:\multimedia\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\multimedia\games\warcraft iii\war3.exe | 
"UDP Query User{60B4F41C-D487-4B2D-9136-16058C8B49B1}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe | 
"UDP Query User{66B3B712-1FB6-4EB3-96A0-4ECDBD646615}D:\progz\opera\opera.exe" = protocol=17 | dir=in | app=d:\progz\opera\opera.exe | 
"UDP Query User{67A5D9BC-9417-4D4A-A0D3-BD299CA7CAA0}D:\progz\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\progz\soulseek\slsk.exe | 
"UDP Query User{865B650D-B746-491D-B6E0-8A59EA769B7A}D:\multimedia\games\medal of honor\mohaa.exe" = protocol=17 | dir=in | app=d:\multimedia\games\medal of honor\mohaa.exe | 
"UDP Query User{92D670F6-FE78-43B5-8C58-741B601907E2}C:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{AEE66092-4496-4B48-B3F5-BC3C4D427609}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{B0F6F9DD-C6C3-48A7-AEE6-357FF557A17E}D:\downloads\wow-language-pack-engb-downloader.exe" = protocol=17 | dir=in | app=d:\downloads\wow-language-pack-engb-downloader.exe | 
"UDP Query User{B12DD12E-FD67-4A4B-90CF-4DCC8BE8CCE0}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{BB5D595C-4E65-484B-A7EA-2E8697509714}D:\progz\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\progz\skype\phone\skype.exe | 
"UDP Query User{C470C08B-FF90-425A-B6D7-DE04C7C43BBA}D:\multimedia\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\multimedia\games\anno 1404\tools\anno4web.exe | 
"UDP Query User{D1103816-7B0F-4C76-932A-2C4FC0FA1928}C:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\repair.exe | 
"UDP Query User{D345F213-1741-4893-AB63-5E0CE762BD76}D:\progz\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\progz\trillian\trillian.exe | 
"UDP Query User{E10DA622-793F-46E1-A2D8-903FCCECAC0E}D:\progz\opera\opera.exe" = protocol=17 | dir=in | app=d:\progz\opera\opera.exe | 
"UDP Query User{E93AC70E-614D-4B4C-B738-A76945C73919}D:\progz\skype\phone\skype.exe" = protocol=17 | dir=in | app=d:\progz\skype\phone\skype.exe | 
"UDP Query User{EF4DA782-CB5D-4BDB-ABAD-75A49CCC63CA}D:\progz\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\progz\soulseek\slsk.exe | 
"UDP Query User{F13EDCF5-8FC2-4F6C-96A6-4597C529E402}C:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6400
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{084F0F60-DA25-4A86-A954-1BE5FE19E495}" = TSR Launcher
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2D7947C2-65F2-48ED-AA76-AE40AAAE97CD}" = TSR Workshop
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32347E43-C68C-423B-9DC8-A22CE16DE0C1}" = MyMicroBalance
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5F1B30-B10B-4579-86DD-D00F662E1031}" = Nero 8
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F726761-6E69-7A65-7236-2E31302D0409}" = IBM Lotus Organizer 6 - English
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6F9B9AEB-00D8-4000-AD5B-7E97E85571DE}" = ScopeUserGuide
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.7.2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9E4BB29-FA98-401B-9EDE-9906906E33DE}" = Paragon Festplatten Manager 2008 Suite
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice Software" = Alice Software 4.10.0
"amg-ageoforaclestarasjourney" = Age of Oracles - Tara's Journey
"am-royalenvoytm" = Royal Envoy(TM)
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Royal Envoy" = Royal Envoy
"BFG-Royal Envoy Collector's Edition" = Royal Envoy Collector's Edition
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Cinergy T USB XE (MKII)" = Cinergy T USB XE (MKII) V6.09.28.05b
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ExpressRip" = Express Rip
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"LManager" = Launch Manager
"LogoMaker_is1" = LogoMaker 2.0
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"MobMap_is1" = MobMap 3.46
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only)
"My Kingdom for the Princess1.0" = My Kingdom for the Princess
"MyDefrag_is1" = MyDefrag v4.1.2
"NVIDIA Drivers" = NVIDIA Drivers
"Organizer Conversion Utility" = Organizer Conversion Utility
"Picasa 3" = Picasa 3
"Rainlendar2" = Rainlendar2 (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"Royal Envoy_is1" = Royal Envoy
"Royal Envoy™ Collector’s Edition_is1" = Royal Envoy™ Collector’s Edition
"Sea Voyage 3D Screensaver_is1" = Sea Voyage 3D Screensaver 1.0
"Soulseek" = SoulSeek Client 156c
"Steam App 400" = Portal
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"tvbrowser" = TV-Browser 3.0-beta2
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Warcraft II_is1" = Warcraft II
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2010 12:41:08 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:41:48 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:42:29 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:43:09 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:43:50 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:44:30 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:45:12 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:45:52 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:46:32 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
Error - 05.07.2010 12:47:12 | Computer Name = Ridgeback | Source = RasClient | ID = 20227
Description = 
 
[ System Events ]
Error - 20.07.2010 14:51:03 | Computer Name = Ridgeback | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = DCOM | ID = 10005
Description = 
 
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.07.2010 09:24:44 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.07.2010 09:29:54 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 21.07.2010 09:29:54 | Computer Name = Ridgeback | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.07.2010 09:33:56 | Computer Name = Ridgeback | Source = DCOM | ID = 10010
Description = 
 
Error - 21.07.2010 17:16:23 | Computer Name = Ridgeback | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


Great, now everyone knows that I'm an absolute gaming junkie


22.07.2010, 21:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- File not found
O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell - "" = AutoRun
O33 - MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell - "" = AutoRun
O33 - MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell - "" = AutoRun
O33 - MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F1535D7B
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:41C283B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:ABD3B354
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DF695222
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4220A65C
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F878F14A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D88D995C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FF818E2B
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:66633281
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:1AF93AF4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:61E5F0F7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:557AD709
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A78FEBF9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9D03192E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0888F409
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3BD11093
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:C8182692
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

23.07.2010, 15:01   #7
muhkuh



Voilà, the result:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
File E:\Einstiegsseite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59751b64-5078-11df-a75e-00235a84f537}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59751b64-5078-11df-a75e-00235a84f537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59751b64-5078-11df-a75e-00235a84f537}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aac49e3-760c-11df-8e91-00235a84f537}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7aac49e3-760c-11df-8e91-00235a84f537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aac49e3-760c-11df-8e91-00235a84f537}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904202d8-94a6-11de-a9fb-00242cf8163d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{904202d8-94a6-11de-a9fb-00242cf8163d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{904202d8-94a6-11de-a9fb-00242cf8163d}\ not found.
File F:\Autorun.exe not found.
ADS C:\ProgramData\Temp:F1535D7B deleted successfully.
ADS C:\ProgramData\Temp:41C283B2 deleted successfully.
ADS C:\ProgramData\Temp:1013B07C deleted successfully.
ADS C:\ProgramData\Temp:ABD3B354 deleted successfully.
ADS C:\ProgramData\Temp:DF695222 deleted successfully.
ADS C:\ProgramData\Temp:4220A65C deleted successfully.
ADS C:\ProgramData\Temp:F878F14A deleted successfully.
ADS C:\ProgramData\Temp:D88D995C deleted successfully.
ADS C:\ProgramData\Temp:193426B4 deleted successfully.
ADS C:\ProgramData\Temp:FF818E2B deleted successfully.
ADS C:\ProgramData\Temp:66633281 deleted successfully.
ADS C:\ProgramData\Temp:1AF93AF4 deleted successfully.
ADS C:\ProgramData\Temp:61E5F0F7 deleted successfully.
ADS C:\ProgramData\Temp:557AD709 deleted successfully.
ADS C:\ProgramData\Temp:A78FEBF9 deleted successfully.
ADS C:\ProgramData\Temp:9D03192E deleted successfully.
ADS C:\ProgramData\Temp:07D9FF25 deleted successfully.
ADS C:\ProgramData\Temp:0888F409 deleted successfully.
ADS C:\ProgramData\Temp:3BD11093 deleted successfully.
ADS C:\ProgramData\Temp:C8182692 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: **Adminprofil**
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 49674711 bytes
->FireFox cache emptied: 12278771 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 963 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: **Privatprofil**
->Temp folder emptied: 259491 bytes
->Temporary Internet Files folder emptied: 9498643 bytes
->Java cache emptied: 51841718 bytes
->FireFox cache emptied: 35908412 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10732 bytes
 
User: Public
 
User: **Büroprofil**
->Temp folder emptied: 16504127 bytes
->Temporary Internet Files folder emptied: 516873 bytes
->Java cache emptied: 26368437 bytes
->Opera cache emptied: 1498965 bytes
->Flash cache emptied: 9194 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 195,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07232010_145504

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         


Thank you very much for helping me
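
When reading a fix log like the one in this post, the useful check is whether every item named in the fix script was actually acted on. The sketch below is an added example, not part of the original thread and not OTL's own code: it reconciles script entries against log lines, using the line formats visible in this thread. The `EXAMPLE1` and `EXAMPLE2` stream names are constructed, and treating a repeated "not found" after a deletion as expected is an assumption read from the log above.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Script side: the two entry kinds used in the fix script of this thread.
SCRIPT_MOUNT = re.compile(r"^O33 - MountPoints2\\(" + GUID + r")\\")
SCRIPT_ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
# Log side: only the HKCU MountPoints2 line is counted for a mount point;
# the CLSID lookups that the log also prints are ignored (assumption).
LOG_MOUNT = re.compile(
    r"^Registry key HKEY_CURRENT_USER\\.*\\MountPoints2\\(" + GUID + r")\\ "
    r"(deleted successfully|not found)\.$")
LOG_ADS = re.compile(r"^ADS (.+) (deleted successfully|not found)\.$")

# Abbreviated from the thread; the EXAMPLE1/EXAMPLE2 lines are constructed.
FIX_SCRIPT = r'''
:OTL
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe -- File not found
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:F1535D7B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:EXAMPLE1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:EXAMPLE2
:Commands
[emptytemp]
'''

FIX_LOG = r'''
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fa391f6-2c6a-11de-b6ca-806e6f6e6963}\ not found.
File E:\Einstiegsseite.exe not found.
ADS C:\ProgramData\Temp:F1535D7B deleted successfully.
ADS C:\ProgramData\Temp:EXAMPLE1 not found.
========== COMMANDS ==========
'''


def script_targets(script):
    """Ordered, de-duplicated (kind, name) targets from the :OTL section."""
    targets, in_otl = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):          # section header such as :OTL, :Commands
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl:
            continue
        m = SCRIPT_MOUNT.match(line)
        if m:
            key = ("mountpoint", m.group(1).lower())
        else:
            m = SCRIPT_ADS.match(line)
            if not m:
                continue
            key = ("ads", m.group(1).lower())
        if key not in targets:            # Shell and Shell\AutoRun\command share a key
            targets.append(key)
    return targets


def log_outcomes(log):
    """Map each target seen in the log to the set of outcomes reported for it."""
    outcomes = {}
    for line in log.splitlines():
        line = line.strip()
        for kind, rx in (("mountpoint", LOG_MOUNT), ("ads", LOG_ADS)):
            m = rx.match(line)
            if m:
                outcomes.setdefault((kind, m.group(1).lower()), set()).add(m.group(2))
    return outcomes


def reconcile(script, log):
    """Classify every script target as deleted, already absent or unconfirmed."""
    outcomes = log_outcomes(log)
    report = {}
    for target in script_targets(script):
        seen = outcomes.get(target, set())
        if "deleted successfully" in seen:
            report[target] = "deleted"         # a later "not found" is the second pass
        elif "not found" in seen:
            report[target] = "already absent"  # nothing was removed by this run
        else:
            report[target] = "unconfirmed"     # no log line at all: follow up
    return report


if __name__ == "__main__":
    for (kind, name), status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:15} {kind:10} {name}")
```

Any target reported as "unconfirmed" is the one to ask about before moving on to the next tool.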

23.07.2010, 18:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.