
Antivirus, Firewall and Other Protection Programs: Backdoor program on laptop


07.09.2010, 08:36   #1
Kékfrankos

Backdoor program on laptop

Hello,

I have the following problem. When opening most folders, web pages etc., a small notice pops up (see picture below). Now my question: how do I get rid of it again? An anti-malware program found nothing, and neither did AntiVir. Is the backdoor program already accessing my laptop? System Restore failed. What else can I do? I'm asking for your help. Many thanks in advance. If I'm in the wrong subforum, sorry about that.


Last edited by Kékfrankos (07.09.2010 at 08:46)

07.09.2010, 09:12   #2
Chris4You

Hi,

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates")
Run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (GMER - Rootkit Detector and Remover); there click
the button "Download EXE", which generates a random file name (please note it and the path where you saved it).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and paste the report into the thread using Copy. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.

chris

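Post #2 asks for OTL.TXT, whose SafeList section lists processes, modules, services and drivers one per line. The script below is an added example (not from this thread and not an OldTimer tool): it parses those PRC/MOD/SRV/DRV lines and flags entries for manual review when the file has no company name, lives in a user-writable profile folder, or is a registered service/driver whose binary is missing. The sample lines are copied from the OTL log posted later in this thread; the flags are review prompts only, so a randomly named executable on the Desktop with no company name is exactly what the freshly downloaded GMER from post #2 looks like.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One OTL SafeList line, in the shapes seen in the OTL.TXT posted in this thread:
#   PRC - [2010.09.07 09:44:40 | 000,293,376 | ---- | M] () -- C:\...\file.exe
#   SRV - [date | size | attrs | M] (Company) [Auto | Running] -- C:\...\svc.exe -- (SvcName)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\...\drv.sys -- (DrvName) description
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"          # start type | status, only on SRV/DRV lines
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"      # service/driver name plus optional description
)

# Directories a standard user can write to; long-lived processes, services and
# drivers rarely belong there, so such entries deserve a manual look.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData\\(?:Local\\Temp|Roaming)|Desktop)\\", re.IGNORECASE
)


@dataclass
class Entry:
    kind: str               # PRC, MOD, SRV or DRV
    path: str
    company: str            # "" when OTL printed "()", i.e. the file has no company name
    name: Optional[str]     # service/driver name; None for PRC and MOD lines
    state: Optional[str]    # e.g. "Auto | Running"; None for PRC and MOD lines
    file_missing: bool      # OTL printed "File not found" instead of file metadata
    size: Optional[int]     # bytes; None when the file is missing


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SafeList line; headers, blank lines and other sections yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        kind=m.group("kind"),
        path=m.group("path"),
        company=(m.group("company") or "").strip(),
        name=m.group("name"),
        state=m.group("state"),
        file_missing=m.group("missing") is not None,
        size=int(size.replace(",", "")) if size else None,
    )


def parse_log(text: str) -> list[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Return the entries worth a manual look, each with the reasons it was flagged.

    These are review prompts, not verdicts: every hit must be compared with what the
    user knowingly installed or ran (e.g. GMER is saved under a random file name)."""
    flagged: list[tuple[Entry, list[str]]] = []
    for e in entries:
        reasons: list[str] = []
        if e.file_missing:
            reasons.append("registered service/driver whose binary is missing (orphaned entry)")
        else:
            if not e.company:
                reasons.append("no company name in the file's version info")
            if USER_WRITABLE_RE.search(e.path):
                reasons.append("runs from a user-writable profile directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


# Sample lines copied from the OTL log posted in this thread (one line per format).
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - [2010.09.07 09:44:40 | 000,293,376 | ---- | M] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
PRC - [2009.08.05 20:46:59 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2008.10.04 16:32:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Melanie\AppData\Local\Temp\RtkBtMnt.exe
SRV - [2009.06.01 23:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
"""

if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_OTL)):
        print(f"{entry.kind} {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Feed a complete OTL.TXT to parse_log to triage a whole scan; the Avira and Sony Ericsson lines above show that signed vendor files in Program Files or System32 produce no flags.
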
07.09.2010, 10:34   #3
Kékfrankos

Hello,

many thanks for the quick reply. The laptop just shut itself down, so now I get to repeat everything again (bad sign??). I did manage to finish OTL, though.


OTL Logfile:
Code:
OTL logfile created on: 07.09.2010 09:49:58 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 8,27 Gb Free Space | 5,74% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,02 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MELANIE-PC
Current User Name: Melanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.07 09:44:40 | 000,293,376 | ---- | M] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
PRC - [2010.09.07 08:52:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
PRC - [2010.08.30 08:25:04 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.06.26 08:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.06.16 09:17:52 | 000,753,664 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.15 08:03:03 | 000,208,896 | ---- | M] (JMMG Communications, Jochen Moschko) -- C:\Programme\BackProtection 8\bp.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.27 10:13:44 | 000,090,112 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclIrSrv.exe
PRC - [2009.08.05 20:46:59 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.10 20:11:46 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.06.01 23:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.26 22:23:34 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.04 16:32:23 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.10.04 16:32:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Melanie\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.25 05:40:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.07.17 01:31:32 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.05.22 15:05:06 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 17:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.05.08 02:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.04.10 16:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.04.10 16:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.04.06 22:42:36 | 000,034,040 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.04.06 22:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.04.04 03:03:14 | 000,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.03.05 11:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.03.27 12:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\acp2HID.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.07 08:52:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
MOD - [2009.04.26 22:22:52 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.04.30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\SweetIM\Messenger\msvcr71.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.05 20:46:59 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 20:11:46 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.06.01 23:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.10.04 16:32:16 | 000,024,064 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100)
SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.06 22:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.04 03:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.21 12:24:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.03 16:13:34 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.10 20:11:46 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 18:23:00 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.04.27 21:59:29 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.11 20:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.14 17:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008.05.14 17:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008.05.14 17:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008.05.08 05:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.18 15:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.11 21:02:32 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.22 21:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.01.31 03:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.31 03:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.01.21 04:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.12.06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.27 00:41:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006.11.10 19:23:50 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Emdm.sys -- (SE2Emdm)
DRV - [2006.11.10 19:23:48 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Emdfl.sys -- (SE2Emdfl)
DRV - [2006.11.10 19:23:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Ebus.sys -- (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM)
DRV - [2006.11.03 07:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 20 68 53 4C 41 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2391419"
FF - prefs.js..network.proxy.type: 0
 
 
[2010.08.03 14:40:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions
[2010.08.03 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions
[2010.08.03 14:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.03 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\staged-xpis
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1.2 Toolbar) - {548F6736-8FE4-4680-82F2-170D6C07E1D2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackProtection Hintergrunddienst.lnk = C:\Programme\BackProtection 8\bp.exe (JMMG Communications, Jochen Moschko)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224782147 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Melanie\Pictures\02.06.09 schatz und ich\002.JPG
O24 - Desktop BackupWallPaper: C:\Users\Melanie\Pictures\02.06.09 schatz und ich\002.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: NAPSywiz - (C:\Windows\system32\krnlnify.dll) - C:\Windows\System32\krnlnify.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.07 08:52:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2010.09.07 08:39:46 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.09.06 21:19:06 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Malwarebytes
[2010.09.06 21:18:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.06 21:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.06 21:18:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.06 21:18:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.06 20:53:33 | 000,000,000 | ---D | C] -- C:\EGIS_Drive
[2010.09.06 20:44:23 | 000,000,000 | --SD | C] -- C:\Users\Melanie\BackProtection
[2010.09.06 20:43:38 | 000,000,000 | ---D | C] -- C:\Programme\BackProtection 8
[2010.09.06 19:25:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PCSuite
[2010.09.06 19:25:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2010.09.06 19:21:39 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.09.06 19:18:53 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.09.05 11:04:22 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\Motive
[2010.08.27 20:28:27 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\obb_bmpz
[2010.08.24 14:49:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.22 18:13:52 | 000,000,000 | ---D | C] -- C:\gamigo
[2010.08.22 17:50:17 | 657,758,657 | ---- | C] (gamigo.de                                                   ) -- C:\Users\Melanie\Desktop\SBO_Setup_v2.51_25022010.exe
[2010.08.22 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\PMB Files
[2010.08.22 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.08.22 17:49:55 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.08.12 20:27:37 | 000,000,000 | ---D | C] -- C:\Need4Video files
[2010.08.12 20:24:24 | 000,000,000 | ---D | C] -- C:\Programme\Need4 Software Launcher
[2010.08.12 20:24:14 | 000,000,000 | ---D | C] -- C:\Programme\Need4 Video Converter 7
[2010.08.11 10:28:05 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Tracing
[2010.08.11 10:25:17 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.08.11 10:21:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.08.11 10:20:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.08.11 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.08.11 10:19:43 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.08.11 10:19:17 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.08.11 10:09:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.08.03 14:40:13 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\Mozilla
[2010.07.28 10:29:08 | 000,000,000 | ---D | C] -- C:\Programme\TranslatorBar_1.2
[2010.07.26 05:48:22 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.07.25 22:01:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.07.19 20:32:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.25 09:01:33 | 000,000,000 | ---D | C] -- C:\Programme\MW
[2010.06.25 07:21:19 | 000,000,000 | ---D | C] -- C:\gmax
[2010.06.25 07:20:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.06.21 11:53:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\Bewerbung Melanie
[2010.06.10 16:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Gmax
[2010.04.07 10:37:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeEEF3.dll
[2008.09.10 18:54:41 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.07 09:54:04 | 003,932,160 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat
[2010.09.07 09:44:40 | 000,293,376 | ---- | M] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
[2010.09.07 09:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.07 09:04:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 09:04:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 08:52:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2010.09.07 08:40:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.09.07 07:10:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.07 06:04:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.06 21:18:55 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 21:09:26 | 000,002,299 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\acervcmtmp.ini
[2010.09.06 21:05:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.09.06 21:04:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.06 21:04:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 21:04:47 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.06 20:59:39 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TMContainer00000000000000000001.regtrans-ms
[2010.09.06 20:59:39 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TM.blf
[2010.09.06 20:59:37 | 002,033,277 | -H-- | M] () -- C:\Users\Melanie\AppData\Local\IconCache.db
[2010.09.06 20:43:59 | 000,000,864 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackProtection Hintergrunddienst.lnk
[2010.09.06 19:25:41 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.09.06 19:04:34 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.06 19:04:34 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.06 19:04:34 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.06 19:04:34 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.06 19:04:34 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 21:38:53 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\FileOut.cns
[2010.08.31 21:38:53 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\FileIn.cns
[2010.08.28 17:54:33 | 000,001,979 | ---- | M] () -- C:\Users\Melanie\Desktop\Windows Live Messenger .lnk
[2010.08.28 00:46:00 | 000,328,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.27 21:26:52 | 000,087,144 | ---- | M] () -- C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.27 11:21:54 | 000,083,968 | ---- | M] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.23 19:28:07 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.23 08:12:37 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.22 18:17:53 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\SnowBound Online.lnk
[2010.08.22 18:13:01 | 657,758,657 | ---- | M] (gamigo.de                                                   ) -- C:\Users\Melanie\Desktop\SBO_Setup_v2.51_25022010.exe
[2010.08.22 17:49:01 | 001,683,128 | ---- | M] () -- C:\Users\Melanie\Desktop\SnowboundDownloader_DE_v2.51_25022010.exe
[2010.08.22 15:32:19 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.08.13 10:28:56 | 000,550,400 | ---- | M] () -- C:\Users\Melanie\Desktop\Tanja.MSWMM
[2010.08.12 20:25:26 | 000,005,056 | ---- | M] () -- C:\ProgramData\drctchbl.xvi
[2010.08.12 20:24:58 | 000,004,110 | ---- | M] () -- C:\ProgramData\xqkcebzs.dik
[2010.08.12 20:24:28 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Need4 Software Launcher.lnk
[2010.08.12 20:23:13 | 044,272,661 | ---- | M] () -- C:\Users\Melanie\Desktop\videoconvertersetup.exe
[2010.08.03 14:40:15 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.07.28 10:13:59 | 003,229,546 | ---- | M] () -- C:\Users\Melanie\Desktop\YouTubeDownloaderSetup_256.exe
[2010.07.25 22:02:14 | 000,001,036 | ---- | M] () -- C:\Users\Melanie\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.22 16:33:06 | 000,005,972 | ---- | M] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2010.06.30 12:11:54 | 000,000,158 | ---- | M] () -- C:\Windows\TSDataEx.ini
[2010.06.30 12:11:54 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010.06.30 12:11:54 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010.06.25 09:04:30 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\TGATool2A.lnk
[2010.06.25 09:04:09 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AceIt.lnk
[2010.06.25 09:00:40 | 000,001,716 | ---- | M] () -- C:\Users\Melanie\Desktop\Route_Riter.lnk
[2010.06.25 08:23:42 | 000,000,126 | ---- | M] () -- C:\MkrMaker.ini
[2010.06.10 15:37:17 | 019,683,840 | ---- | M] () -- C:\Users\Melanie\Desktop\gmax12.exe
 
========== Files Created - No Company Name ==========
 
[2010.09.07 09:44:36 | 000,293,376 | ---- | C] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
[2010.09.07 08:39:57 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010.09.06 21:18:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 20:43:59 | 000,000,864 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackProtection Hintergrunddienst.lnk
[2010.09.06 19:25:41 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.08.28 17:54:33 | 000,001,979 | ---- | C] () -- C:\Users\Melanie\Desktop\Windows Live Messenger .lnk
[2010.08.28 00:47:58 | 000,002,299 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\acervcmtmp.ini
[2010.08.22 18:17:53 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\SnowBound Online.lnk
[2010.08.22 17:48:55 | 001,683,128 | ---- | C] () -- C:\Users\Melanie\Desktop\SnowboundDownloader_DE_v2.51_25022010.exe
[2010.08.12 20:25:26 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010.08.12 20:24:58 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.08.12 20:24:28 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Need4 Software Launcher.lnk
[2010.08.12 20:22:59 | 044,272,661 | ---- | C] () -- C:\Users\Melanie\Desktop\videoconvertersetup.exe
[2010.08.12 20:07:54 | 000,550,400 | ---- | C] () -- C:\Users\Melanie\Desktop\Tanja.MSWMM
[2010.08.03 14:40:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.28 10:13:53 | 003,229,546 | ---- | C] () -- C:\Users\Melanie\Desktop\YouTubeDownloaderSetup_256.exe
[2010.06.25 09:01:34 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\TGATool2A.lnk
[2010.06.25 08:55:14 | 000,001,716 | ---- | C] () -- C:\Users\Melanie\Desktop\Route_Riter.lnk
[2010.06.17 17:48:06 | 000,000,126 | ---- | C] () -- C:\MkrMaker.ini
[2010.06.14 18:39:54 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns
[2010.06.14 18:39:54 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns
[2010.06.10 15:36:48 | 019,683,840 | ---- | C] () -- C:\Users\Melanie\Desktop\gmax12.exe
[2010.05.28 07:31:00 | 000,000,012 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\vqdlkr.dat
[2010.05.09 19:22:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.24 12:57:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.23 14:50:06 | 000,005,972 | ---- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2009.11.14 18:33:49 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2009.11.03 16:13:34 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.01 16:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\FileOut.cns
[2009.11.01 16:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\FileIn.cns
[2009.07.06 13:27:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.05 12:07:49 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.07 18:47:01 | 000,000,194 | ---- | C] () -- C:\Windows\Sierra.ini
[2008.10.05 00:05:18 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\wklnhst.dat
[2008.10.04 21:55:48 | 000,083,968 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 18:43:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.09.10 09:12:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.10 09:10:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.10 09:10:18 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.09.10 09:09:20 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.07 01:01:19 | 000,121,562 | ---- | C] () -- C:\Windows\System32\PicFormat32.dll
[2003.07.13 05:40:28 | 000,217,088 | ---- | C] () -- C:\Windows\System32\SAWZipNG.dll
[2002.03.13 07:46:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.11.10 16:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
========== LOP Check ==========
 
[2008.12.22 23:14:43 | 000,000,000 | -HSD | M] -- C:\Users\Melanie\AppData\Roaming\.#
[2008.10.08 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Acer
[2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Acer GameZone Console
[2008.10.12 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Big Fish Games
[2009.11.03 16:13:09 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DAEMON Tools Pro
[2008.10.04 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\eSobi
[2008.10.10 18:12:11 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\FloodLightGames
[2008.10.15 23:19:55 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Gaijin Ent
[2008.10.10 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Gearbox Software
[2010.06.02 15:03:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\GHISLER
[2010.05.22 21:45:18 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ICQ
[2008.10.13 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\iWin
[2010.05.09 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\MAGIX
[2010.09.06 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Nokia
[2010.08.25 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PC Suite
[2008.10.11 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PlayFirst
[2009.12.21 09:29:22 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\temp
[2008.10.05 00:05:56 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Template
[2010.03.12 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\TuneUp Software
[2010.03.15 12:20:46 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Uniblue
[2010.09.07 08:40:01 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010.09.06 20:59:55 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9
< End of report >
         
--- --- ---


Extras-Editor

OTL Logfile:
Code:
OTL Extras logfile created on: 07.09.2010 09:49:58 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 8,27 Gb Free Space | 5,74% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,02 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MELANIE-PC
Current User Name: Melanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B0CCEC36-0F68-4200-9333-07ABDC9E6849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B3743900-03CE-48DB-AB35-E7E997A036C3}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046CAE90-41BD-4DFF-9F66-69CBDABEA0DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0515AB49-D391-4A91-8DAF-53C4D3C2F355}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{057C4092-4B25-4539-939B-63111302ADC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA0CB6D-250A-497E-896F-CC4E0E01269B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C6E0F10-7302-4C2B-8930-67DB8668572A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{0E42E275-4EDB-4BE4-9107-69835DD8382A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1078D01E-5551-4BBA-B6D4-0A4CB6DB4C87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{13B1B061-F775-40F5-BC17-822DAEDA0C4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{174BDFC6-5957-4BEA-BC23-14F8680CF8FD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{18F13C8A-2F99-4689-A939-5F2BEEEE4676}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B31B917-3FB6-4893-AEFB-86D65F402F3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F4BF65C-AD70-4820-A638-34912EDC82B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{201477B6-A117-44F3-A075-F09B1F3E8CC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2BD739EF-A368-40D8-8694-38C445AFF41E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CDCF5F8-6BE7-4195-B77A-DBE6DC9C8B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D6C587F-53A7-41DA-A284-844F79B44E52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2DB9864A-7249-4E0B-9B05-84DF35F6E304}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2E12FE3B-F0BF-4E1B-875B-01449643E220}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E39948B-3696-4D57-A6BE-DC4061598B5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F95D4F7-1A70-4609-8797-1F4695C71702}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30B1BB7C-47DA-409F-9A46-272821AD65E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{31A2002C-2D07-4788-A180-D1FB7DF92E6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{31EE60CF-0E6A-4F5E-A2B9-23EE956A20DA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{32C776B1-88B3-498B-BDDD-382E5DA221A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{34F8E6F2-3633-4471-8D44-EA6DD247C4BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{357157BD-043D-4229-97C7-6BEABC42647F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{381AAF77-5325-44C7-BBDF-1F1A67E76AC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3867FFCB-159C-405B-AB2E-64EEAB55BD47}" = protocol=6 | dir=in | app=c:\gamigo\snowboundonline\run.exe | 
"{38FE7F86-9D6B-43F3-A7D0-D452EB973705}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39543FCA-E84E-4C40-BDBD-3AD976759DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F191BD8-E698-460A-8E8B-39B1F3923758}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40F6633E-C7F1-4B60-A140-293DB36D74F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{473D0EBB-ED72-4BCD-9868-A12242E9F7ED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4D013F74-3C09-499E-9EE2-04EC2B33842C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E03B8D7-3820-4ABB-B0FD-3C8D279BE0B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E68C5A0-5745-45E5-9D6F-310383B088EA}" = protocol=17 | dir=in | app=e:\libneap.dll | 
"{5042E790-1744-4447-AD2D-8B89F17ADD43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5426B4D8-11C5-4418-B531-70355A855A0D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5AD711F2-CD42-429E-818E-E2A72FAD3FF2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{5EB66F48-0DF4-49AE-8897-76AEDA2FA512}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F445A37-1343-4DEB-A2C3-B705E4382C35}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{623F3F0C-96E3-4507-BC2C-6751D634CA79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{663E24DB-746F-4613-A025-711B5352DF9A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6698C2B0-0C8C-4BB4-AC2D-76CBD39FA84B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66EB64F4-4600-4C86-B478-2BC2E528FDAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{686C827B-3F1E-4B91-834A-B92FBE144655}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{69E15D11-2F91-4A1A-BA60-6DFB87DF6DBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C6D270D-9A2E-495B-B7B3-20CCAC190787}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6CAD8071-31AD-4DBA-B819-2FEE6DD0200E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6CD629A3-AF4A-4EE4-B3DB-759E3ED6EEA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{74BEE852-5C5F-4F60-9C63-6033F6513F06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{785670C8-D6E0-41A8-B487-054B9F423C3A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7C0A7420-F5A9-4FB3-A313-79B5B5F94228}" = protocol=6 | dir=in | app=e:\libneap.dll | 
"{7EC7D901-F7A4-4E8A-8BEF-B0AA9FB84F81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A242C81-33AC-4B6C-9D23-50A4360AC30C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8AF0D93E-83E2-460D-B674-27487D45D47D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B2B9469-10B8-4B65-9139-D84FB2585854}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B3488E5-E66D-4C64-A6D6-400D01F097BA}" = protocol=17 | dir=in | app=e:\dwizard615.exe | 
"{912C173F-76FA-43A2-9A1B-1217ADBCA054}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{92199FC9-675B-41DD-A674-A697D6DF84FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E00047A-456B-4324-9237-5B8996187512}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A14FF724-1692-4982-9999-8DDA3BD64CF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A7898854-4855-42AD-A680-595A87E9CCC5}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{A7F136AA-66E0-4782-AD73-4100136243C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ABE5CFA9-8510-4F6C-A17F-FA7AF7F79FBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5195AB3-74D6-41FD-AC3E-F13518F4641A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7750CF6-AD6A-4023-B1F8-4AFF7CC5C0E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B77F9E97-92E6-4165-8073-C25B985F7ABA}" = protocol=17 | dir=in | app=c:\gamigo\snowboundonline\run.exe | 
"{C120845B-15ED-4155-878E-ABE812208B34}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C815E185-D1CB-49C9-ADE5-0C3CA3A3EC04}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{C9361CDA-5327-41E0-986C-6AC76875DDCA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{CAE458B9-6B41-469F-81C2-009550143045}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD04A254-A2E8-4ADB-96D2-91074CD83499}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{D4B234B0-B109-4106-8A6F-C16FC6F18713}" = protocol=6 | dir=in | app=e:\dwizard615.exe | 
"{D5CB2415-F15F-4148-88D8-73081C54F0D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D72A2A13-2176-4554-B5AB-EC4DCC6F27CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D89BC81B-F048-4FFE-A0FC-7F79DCDDF241}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBF97DF8-19E3-4347-9A10-EBB5EAE7D1D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC5A5504-5DBC-44E1-9F93-576CA513434C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFCE3B1E-5608-4F48-9692-11E4FE1FB82D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E951B1DB-74A9-4390-A214-B7CC94EA1A66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9BB441F-C6F6-4FBD-A10D-C7B17E32BEB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9D31E29-0BE1-4F04-8955-5B8661B6F271}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF8F2DCF-6C91-4317-9FFF-5F6773A7FD87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F25B8834-D667-4269-B7F7-932B44911059}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F39D629A-C59F-4EFE-8701-1FB8572EA983}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F85931DE-2FCE-4B1D-9202-52E3324F2007}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F96C5476-AEE3-4280-A7D4-5953188EFA71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0A04BDCF-CCDA-4B29-B6B4-20626F0EA5B5}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"TCP Query User{2986400D-C5D6-486C-9ADD-CDE44E75D3ED}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3574FA08-1F87-4ED2-B8DC-3A7BEFF021B0}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"TCP Query User{4BF1F50E-E8AF-4079-BEEA-27C2A6AC8D50}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A4685A39-4761-488F-AEEE-68E338D03644}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"TCP Query User{E79382BD-A4B3-499A-802B-41D15751A6B6}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{0894D49F-80BA-4011-A4BB-59E5B5CB123C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{54B5A8BF-7CE4-41F3-B3CD-51C0929F8BD8}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"UDP Query User{5763FB3E-FBCE-4FE8-A52D-332677094EA9}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{9410DC36-2531-4B37-AC81-84863F76C926}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{CA796A13-5E4C-43B8-BCCD-510B80B436E6}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"UDP Query User{FEAD0ED5-B023-4930-A4EB-EEA445753E6A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D049523-F355-4848-AB92-0CB5AC9409AF}_is1" = SnowBound Online v2.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.7.0519
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AE77D7-7E8C-4A98-B32B-A941736DBFA6}_is1" = Texas Hold'em Poker - Royal-Flush-Edition 2007
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8226A577-657C-4961-8DDC-EAC8DF61B465}" = Microsoft Train Simulator gmax Gamepack
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16ECDF4-DA6F-418F-947A-C1652B5CFD96}" = SweetIM for Messenger 2.7
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"AceIt_is1" = AceIt v1.3.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Big Fun Maxi Minigolf" = Big Fun Maxi Minigolf
"BrothersInArms" = Brothers In Arms
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Convoi" = Convoi 1.50
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"H-Start Bc fekvõhelyes kocsi" = H-Start Bc fekvõhelyes kocsi
"H-Start WLAB hálókocsi" = H-Start WLAB hálókocsi
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MÁV-Start Bd Telepítõ program" = MÁV-Start Bd Telepítõ program
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSTS Activity Mover_is1" = MSTS Activity Mover, 1.0
"Need4 Software Launcher" = Need4 Software Launcher 7.1
"Need4 Video Converter 7" = Need4 Video Converter 7
"Nokia PC Suite" = Nokia PC Suite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TGATool2A_is1" = TGATool2A version 4.00.34
"The route Bratislava-Brno-Praha for MSTS_is1" = The route Bratislava-Brno-Praha for MSTS version from  BP 77 / 
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store (German Language Pack)" = Train Store (German Language Pack)
"Train Store V3.2" = Train Store V3.2
"TranslatorBar_1.2 Toolbar" = TranslatorBar 1.2 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World Series of Poker TOC" = World Series of Poker: TOC
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyProduct" = MyProduct
"Route_Riter v7.5" = Route_Riter v7.5
"Tiszántúl 2" = Tiszántúl 2
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2010 23:51:58 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.05.2010 23:52:02 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.05.2010 23:52:02 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 13:56:23 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2010 13:56:27 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 13:56:27 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 14:03:26 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2010 14:04:48 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2010 14:04:51 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 14:04:51 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 05.09.2010 05:07:19 | Computer Name = Melanie-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.09.2010 05:07:19 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.09.2010 05:07:19 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 05.09.2010 14:34:31 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.09.2010 14:34:31 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 05.09.2010 14:36:53 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.09.2010 14:36:53 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2010 00:02:51 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.09.2010 13:19:09 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.09.2010 15:05:16 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 12.06.2010 15:01:08 | Computer Name = Melanie-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >


I hope this is already of some use? After the laptop had booted up again, a message appeared saying that something in the program had been changed.
Many thanks in advance.

Best regards
__________________

Alt 07.09.2010, 11:04   #4
Chris4You

Hi,

who or what shut the laptop down? Windows, or MAM after the scan?

Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:
C:\Windows\system32\krnlnify.dll
C:\Windows\System32\NTIOFM4.dll
C:\Windows\System32\NTIBUN5.dll
e:\libneap.dll
  • Now upload each of the files one after the other and wait until the scan has finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a reply.
  • Important: copy the file size and the HASH as well!

Note: the first two files are hidden!

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:OTL
O36 - AppCertDlls: NAPSywiz - (C:\Windows\system32\krnlnify.dll) - C:\Windows\System32\krnlnify.dll File not found
[2010.08.12 20:24:58 | 000,004,110 | ---- | M] () -- C:\ProgramData\xqkcebzs.dik
[2010.08.12 20:25:26 | 000,005,056 | ---- | M] () -- C:\ProgramData\drctchbl.xvi
[2010.05.28 07:31:00 | 000,000,012 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\vqdlkr.dat

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]
         
  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Be sure to run GMER...

Additionally:

MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click, "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt file

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

07.09.2010, 11:41 #5
Kékfrankos

Hello,

The laptop shut down out of nowhere, without any outside action. At least not by me.
And on VirusTotal I have to click "Search". For all 4 files it said "Not found". Is that normal?

MBR-Check

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):
0x82643000 \SystemRoot\system32\ntkrnlpa.exe
0x82610000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047D000 \SystemRoot\system32\PSHED.dll
0x8048E000 \SystemRoot\system32\BOOTVID.dll
0x80496000 \SystemRoot\system32\CLFS.SYS
0x804D7000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\System32\Drivers\spup.sys
0x8078F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80798000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805B7000 \SystemRoot\system32\drivers\acpi.sys
0x807BE000 \SystemRoot\system32\drivers\msisadrv.sys
0x807C6000 \SystemRoot\system32\drivers\pci.sys
0x807ED000 \SystemRoot\System32\drivers\partmgr.sys
0x807FC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A40A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A414000 \SystemRoot\system32\drivers\volmgr.sys
0x8A423000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A46D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A47D000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A485000 \SystemRoot\system32\drivers\atapi.sys
0x8A48D000 \SystemRoot\system32\drivers\ataport.SYS
0x8A4AB000 \SystemRoot\system32\drivers\msahci.sys
0x8A4B5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A4C3000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A4F5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A505000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A50E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A602000 \SystemRoot\system32\drivers\ndis.sys
0x8A70D000 \SystemRoot\system32\drivers\msrpc.sys
0x8A738000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A80A000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB1C000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB55000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB5D000 \SystemRoot\System32\Drivers\mup.sys
0x8AB6C000 \SystemRoot\System32\drivers\ecache.sys
0x8AB93000 \SystemRoot\system32\drivers\disk.sys
0x8ABA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABC5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F403000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8FAE7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FB88000 \SystemRoot\System32\drivers\watchdog.sys
0x8FB94000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FB9F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FBDD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A90F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A99C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8FC0A000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8FD0C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FD10000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FD23000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8FD2D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FD38000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FD67000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FD69000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FD74000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FD8C000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FD94000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8FD9D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FDAC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A773000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FDDB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FDE6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
OTL was also run.

Quote:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\NAPSywiz:C:\Windows\system32\krnlnify.dll deleted successfully.
C:\ProgramData\xqkcebzs.dik moved successfully.
C:\ProgramData\drctchbl.xvi moved successfully.
C:\Users\Melanie\AppData\Roaming\vqdlkr.dat moved successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melanie
->Temp folder emptied: 306820804 bytes
->Temporary Internet Files folder emptied: 52810998 bytes
->Java cache emptied: 52144375 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 292205 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5906401 bytes
RecycleBin emptied: 50409058 bytes

Total Files Cleaned = 448,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09072010_112415

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
GMER

Quote:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-09-07 11:40:38
Windows 6.0.6002 Service Pack 2
Running: qeze52ry.exe; Driver: C:\Users\Melanie\AppData\Local\Temp\pwldifow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 858AF1F8
Device \FileSystem\fastfat \Fat 86FD61F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
I hope this is all correct.
Thank you.
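When a fix script like the one in the previous post is run, the result log is the only evidence that each persistence item (the AppCertDlls entry, the dropped files, the alternate data streams) was actually handled. The following is an added example, not part of this thread and not OTL's own code: it parses the ":OTL" section of a fix script and the result log in the format posted above, and lists every requested item that has no matching "successfully" line. The sample script and log are constructed excerpts; two success lines are deliberately left out so the check has something to report.

```python
import re
from typing import List, Set, Tuple

# Constructed sample: an excerpt of the OTL fix script posted in this thread
FIX_SCRIPT = r""":OTL
O36 - AppCertDlls: NAPSywiz - (C:\Windows\system32\krnlnify.dll) - C:\Windows\System32\krnlnify.dll File not found
[2010.08.12 20:24:58 | 000,004,110 | ---- | M] () -- C:\ProgramData\xqkcebzs.dik
[2010.05.28 07:31:00 | 000,000,012 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\vqdlkr.dat

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]
"""

# Constructed sample result log: the lines for vqdlkr.dat and TEMP:861A898F
# are intentionally missing so that unresolved() reports them
RESULT_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\NAPSywiz:C:\Windows\system32\krnlnify.dll deleted successfully.
C:\ProgramData\xqkcebzs.dik moved successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
========== REGISTRY ==========
"""

Item = Tuple[str, str]  # (kind, target)

_O36 = re.compile(r"^O36 - AppCertDlls: (\S+) - ")
_FILE = re.compile(r"^\[.*\] \(\) -- (.+)$")
_ADS = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")


def parse_fix_items(script: str) -> List[Item]:
    """Targets the :OTL section asks OTL to remove: AppCertDlls entries, files, ADS."""
    items: List[Item] = []
    section = ""
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()  # :OTL, :reg, :Commands
            continue
        if section != ":otl" or not line:
            continue
        if (m := _O36.match(line)):
            items.append(("appcertdll", m.group(1)))
        elif (m := _FILE.match(line)):
            items.append(("file", m.group(1)))
        elif (m := _ADS.match(line)):
            items.append(("ads", m.group(1)))
    return items


_RES_REG = re.compile(r"^Registry value .*AppCertDlls\\\\(\S+?):.* deleted successfully\.$")
_RES_ADS = re.compile(r"^ADS (.+) deleted successfully\.$")
_RES_FILE = re.compile(r"^(.+) moved successfully\.$")


def parse_results(log: str) -> Set[Item]:
    """(kind, lower-cased target) for every success line in the result log."""
    done: Set[Item] = set()
    for raw in log.splitlines():
        line = raw.strip()
        if (m := _RES_REG.match(line)):
            done.add(("appcertdll", m.group(1).lower()))
        elif (m := _RES_ADS.match(line)):
            done.add(("ads", m.group(1).lower()))
        elif (m := _RES_FILE.match(line)):
            done.add(("file", m.group(1).lower()))
    return done


def unresolved(script: str, log: str) -> List[Item]:
    """Requested items with no success line; Windows paths compare case-insensitively."""
    done = parse_results(log)
    return [(kind, target) for kind, target in parse_fix_items(script)
            if (kind, target.lower()) not in done]


if __name__ == "__main__":
    for kind, target in unresolved(FIX_SCRIPT, RESULT_LOG):
        print(f"not confirmed: {kind} {target}")
```

Anything the check reports should be looked at again before the machine is declared clean; a file that could not be moved while the system was running is often one that is still loaded.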


07.09.2010, 12:36 #6
Chris4You

Hi,

On VirusTotal, paste the path together with the file name straight into the input field...
So e.g. select C:\Windows\system32\krnlnify.dll, copy it and paste it into the input field on VirusTotal (Ctrl+V)...

Does the error still appear?

chris

07.09.2010, 14:19 #7
Kékfrankos

Hello,

Well, I can't paste anything there under Upload a File. I can't type anything in there either.

Best regards

EDIT: So I have now clicked on Browse. It found a "Protokoll" file, which I then looked up on VirusTotal. This is what came out.

Quote:
AhnLab-V3 2010.09.07.00 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.07 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 5999 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.05 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2453 2010.09.06 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5430 2010.09.07 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.06 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.04 2010.09.07 -
Sophos 4.57.0 2010.09.07 -
Sunbelt 6841 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 -
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.366 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.8.25.4006 2010.09.07 -
VirusBuster 12.64.20.0 2010.09.06
Thank you.

07.09.2010, 16:09 #8
Chris4You

Hi,

What is the computer doing?
The MBRCheck log is not complete, the rest is missing, please post it again...
Which file did you have analysed? There, too, the header and the trailer with the checksums etc. are missing....

chris

07.09.2010, 16:52 #9
Kékfrankos

Hello,

My computer too......... freezes up more and more often, strange crashes etc.
Maybe overloaded?

With MBR even less came out this time.

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 155):
0x82610000 \SystemRoot\system32\ntkrnlpa.exe
0x829C9000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\System32\Drivers\spei.sys
0x8078A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80793000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
The file I analysed with VirusTotal was "Protokoll.txt";
this is what came out.

Quote:
File name: Protokoll.txt
Submission date: 2010-09-07 14:19:27 (UTC)
Current status: queued queued analysing finished
Result: 0/ 43 (0.0%)

AhnLab-V3 2010.09.07.01 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.07 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 6000 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.07 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2453 2010.09.06 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5431 2010.09.07 -
Norman 6.06.05 2010.09.07 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.07 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.04 2010.09.07 -
Sophos 4.57.0 2010.09.07 -
Sunbelt 6841 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 -
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.366 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.8.25.4006 2010.09.07 -
VirusBuster 12.64.20.0 2010.09.06 -

Additional information
MD5 : aedf8ddd8e1f1fd5b66b2b3e5a49e1e5
SHA1 : fa972de973cb4b05ecc6fc7e4b14d3aba9ab8e4b
SHA256: c9a56452d13b033abc956bc60466b41e5a4204ee6efa280a5f5fa874159e569e
ssdeep: 96:a1tCtoti2ex99VGlBUztUdUDlLUQpUbzCUcGUHUWZ0ceg/ZeKUBUzvN:24SsVDWtI1
File size : 3237 bytes
First seen: 2010-09-07 14:19:27
Last seen : 2010-09-07 14:19:27
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



Best regards

07.09.2010, 17:18 #10
Chris4You

Hi,

Er, the MBRCheck log is still not complete, I need the whole log right to the end...
  • Double-click MBRCheck.exe.
  • Vista and Win7 users: right-click, "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt file. If it doesn't fit into one post, please split it across several...

Why are you having Protokoll.txt checked on VirusTotal? The files to check are:
Code:
C:\Windows\system32\krnlnify.dll
C:\Windows\System32\NTIOFM4.dll
C:\Windows\System32\NTIBUN5.dll
e:\libneap.dll
         
Please also work through this:
http://www.trojaner-board.de/86574-bootkit-remover.html

chris

07.09.2010, 18:17 #11
Kékfrankos

Hello,

With MBR there is nothing more. That was everything in the .txt file.
Here it is again.

Quote:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 155):
0x82610000 \SystemRoot\system32\ntkrnlpa.exe
0x829C9000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\System32\Drivers\spei.sys
0x8078A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80793000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807B9000 \SystemRoot\system32\drivers\acpi.sys
0x805B2000 \SystemRoot\system32\drivers\msisadrv.sys
0x805BA000 \SystemRoot\system32\drivers\pci.sys
0x805E1000 \SystemRoot\System32\drivers\partmgr.sys
0x805F0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x805F3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A401000 \SystemRoot\system32\drivers\volmgr.sys
0x8A410000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A45A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A46A000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A472000 \SystemRoot\system32\drivers\atapi.sys
0x8A47A000 \SystemRoot\system32\drivers\ataport.SYS
0x8A498000 \SystemRoot\system32\drivers\msahci.sys
0x8A4A2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A4B0000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A4E2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A4F2000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A4FB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A604000 \SystemRoot\system32\drivers\ndis.sys
0x8A70F000 \SystemRoot\system32\drivers\msrpc.sys
0x8A73A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A80A000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB16000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB4F000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB57000 \SystemRoot\System32\Drivers\mup.sys
0x8AB66000 \SystemRoot\System32\drivers\ecache.sys
0x8AB8D000 \SystemRoot\system32\drivers\disk.sys
0x8AB9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ABF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EC05000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F2E9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F38A000 \SystemRoot\System32\drivers\watchdog.sys
0x8F396000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F3A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F3DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A90F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A99C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8F603000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8F705000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F709000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F71C000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8F726000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F731000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F760000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F762000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F76D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F785000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8F78D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F796000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F7A5000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A775000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F7D4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F7DF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F3EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A7B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A9E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A7D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A56C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A7ED000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F7F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A581000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A5AB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A5B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A5ED000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FA04000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8FC0C000 \SystemRoot\system32\drivers\portcls.sys
0x8FC39000 \SystemRoot\system32\drivers\drmk.sys
0x8FC5E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8FD84000 \SystemRoot\system32\drivers\modem.sys
0x8FD91000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FD9A000 \SystemRoot\System32\Drivers\Null.SYS
0x8FDA1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FDA8000 \SystemRoot\System32\drivers\vga.sys
0x8FDB4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FDD5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FDDD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FDE5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FDF0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8A9F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FE01000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FE17000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FE2B000 \SystemRoot\system32\drivers\afd.sys
0x8FE73000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FEA5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FEBB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FEC9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FEDC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FEE2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FF1E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FF28000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FF3F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FF5B000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8FF5D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FF74000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8FF95000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8FFBD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FFC6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FFD6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FFDD000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FFE5000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8ABC8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8ABD5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8ABE0000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x98000000 \SystemRoot\System32\win32k.sys
0x98607000 \SystemRoot\System32\drivers\Dxapi.sys
0x98611000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98220000 \SystemRoot\System32\TSDDD.dll
0x98240000 \SystemRoot\System32\cdd.dll
0x98620000 \SystemRoot\system32\drivers\luafv.sys
0x9863B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9864F000 \??\C:\Windows\system32\drivers\ACEDRV09.sys
0x986B2000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x986C4000 \SystemRoot\system32\DRIVERS\irda.sys
0x986E2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x986F2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9871C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98726000 \SystemRoot\system32\DRIVERS\rspndr.sys
VirusTotal

Quote:
File name: NTIOFM4.dll
Submission date: 2010-09-07 16:21:35 (UTC)
Current status: queued (#5) queued (#5) analysing finished


Result: 1/ 43 (2.3%)

AhnLab-V3 2010.09.07.01 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.07 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 6002 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.07 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2463 2010.09.07 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5431 2010.09.07 -
Norman 6.06.05 2010.09.07 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.07 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.04 2010.09.07 -
Sophos 4.57.0 2010.09.07 -
Sunbelt 6842 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 Rogue.Agent/Gen-Nullo[DLL]
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.366 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.07 -
ViRobot 2010.8.25.4006 2010.09.07 -
VirusBuster 12.64.21.0 2010.09.07 -
Additional information
MD5 : ea51997ab890fb21338b2157f159d8dd
SHA1 : 93096f963768abc039dd15fee0af8351b34e3cda
SHA256: 8f6b86d7d9202b4fd31ad9493899d9653ee8b1e86bec26d23c82cc0fb0c8fb52
ssdeep: 3:jVTSBQj3qixiMowSdNrrb8v6m9KqJOOf+AhAtMSuguWua4u2SSeOAtMSuguWua4M:R2BQj/xiMowuNj8vH9WAE
File size : 1024 bytes
First seen: 2010-09-07 16:21:35
Last seen : 2010-09-07 16:21:35
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



Quote:
File name: NTIBUN5.dll
Submission date: 2010-09-07 16:26:01 (UTC)
Current status: queued queued analysing finished


Result: 1/ 43 (2.3%)

AhnLab-V3 2010.09.07.01 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
Antiy-AVL 2.0.3.7 2010.09.07 -
Authentium 5.2.0.5 2010.09.07 -
Avast 4.8.1351.0 2010.09.07 -
Avast5 5.0.594.0 2010.09.07 -
AVG 9.0.0.851 2010.09.07 -
BitDefender 7.2 2010.09.07 -
CAT-QuickHeal 11.00 2010.09.07 -
ClamAV 0.96.2.0-git 2010.09.07 -
Comodo 6002 2010.09.07 -
DrWeb 5.0.2.03300 2010.09.07 -
Emsisoft 5.0.0.37 2010.09.07 -
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.07 -
Fortinet 4.1.143.0 2010.09.07 -
GData 21 2010.09.07 -
Ikarus T3.1.1.88.0 2010.09.07 -
Jiangmin 13.0.900 2010.09.07 -
K7AntiVirus 9.63.2463 2010.09.07 -
Kaspersky 7.0.0.125 2010.09.07 -
McAfee 5.400.0.1158 2010.09.07 -
McAfee-GW-Edition 2010.1B 2010.09.07 -
Microsoft 1.6103 2010.09.07 -
NOD32 5431 2010.09.07 -
Norman 6.06.05 2010.09.07 -
nProtect 2010-09-07.02 2010.09.07 -
Panda 10.0.2.7 2010.09.07 -
PCTools 7.0.3.5 2010.09.07 -
Prevx 3.0 2010.09.07 -
Rising 22.64.01.04 2010.09.07 -
Sophos 4.57.0 2010.09.07 -
Sunbelt 6842 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 Rogue.Agent/Gen-Nullo[DLL]
Symantec 20101.1.1.7 2010.09.07 -
TheHacker 6.5.2.1.366 2010.09.07 -
TrendMicro 9.120.0.1004 2010.09.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.07 -
VBA32 3.12.14.0 2010.09.07 -
ViRobot 2010.8.25.4006 2010.09.07 -
VirusBuster 12.64.21.0 2010.09.07 -
Additional information
MD5 : f58b21a1ce2ed1faf9a2981cd4148eac
SHA1 : 95fac3232c3f695ab59514f8372f437e26dddce7
SHA256: 8a288e847a39c8c004e7e307682d931a778f27ed61960287d1481a112949e166
ssdeep: 3:LDoymoK6ack/JbG/wuyOpmP4rue48oNStOAtMSuguWua4u2SSeOAtMSuguWua4u9:I/VywuyOyDjk
File size : 1024 bytes
First seen: 2010-09-07 16:26:01
Last seen : 2010-09-07 16:26:01
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



I can't find anything for the file "e:\libneap.dll". It just opens the drive. And I can't find "krnlnify.dll" either. I entered the file name into the Windows search tool. It only found a Protokoll.txt file. That is the content I then copied in here.


And this is what Bootkit Remover produced.


After "Press any key to quit" there is nothing more.

Best regards

Edited by Kékfrankos (07.09.2010 at 18:31)
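Two things are asked for repeatedly in this thread: the size and hashes of a suspect file before it is submitted, and the detection lines of a VirusTotal report read carefully rather than just its ratio. The following is an added example written for this page, not code from VirusTotal or from the thread: `hash_bytes`/`hash_file` compute the MD5, SHA1, SHA256 and size that a report lists, and `parse_vt_report` reads the plain-text engine table in the layout pasted above, returning the engines that flagged the file and checking that the "Result: x/ y" line agrees with the per-engine lines. The report excerpt is constructed (only four engines, so its ratio is 1/4), using engine and verdict names that appear in this thread.

```python
import hashlib
import re
from typing import Dict, List, Optional, Tuple


def hash_bytes(data: bytes) -> Dict[str, object]:
    """MD5, SHA1, SHA256 and size of a file image: the fields a VirusTotal report shows."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, object]:
    """Same result, streamed from disk so large files need not fit in memory."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            size += len(block)
            for d in digests.values():
                d.update(block)
    out: Dict[str, object] = {name: d.hexdigest() for name, d in digests.items()}
    out["size"] = size
    return out


# Constructed excerpt in the layout of the VirusTotal reports pasted above
VT_REPORT = """File name: NTIOFM4.dll
Result: 1/ 4 (25.0%)

AhnLab-V3 2010.09.07.01 2010.09.07 -
AntiVir 8.2.4.50 2010.09.07 -
SUPERAntiSpyware 4.40.0.1006 2010.09.07 Rogue.Agent/Gen-Nullo[DLL]
Symantec 20101.1.1.7 2010.09.07 -
MD5 : ea51997ab890fb21338b2157f159d8dd
File size : 1024 bytes
"""

# engine  version  signature-date  verdict ("-" means clean)
_ENGINE = re.compile(r"^(\S+) (\S+) (\d{4}\.\d{2}\.\d{2}) (.+)$")
_RESULT = re.compile(r"^Result:\s*(\d+)/\s*(\d+)")


def parse_vt_report(text: str) -> Dict[str, object]:
    """Engines that flagged the file, plus a cross-check of the stated x/y ratio."""
    detections: List[Tuple[str, str]] = []
    engines = 0
    stated: Optional[Tuple[int, int]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _RESULT.match(line)):
            stated = (int(m.group(1)), int(m.group(2)))
            continue
        if (m := _ENGINE.match(line)):
            engines += 1
            verdict = m.group(4).strip()
            if verdict != "-":
                detections.append((m.group(1), verdict))
    return {
        "engines": engines,
        "detections": detections,
        "stated": stated,
        "consistent": stated == (len(detections), engines),
    }


if __name__ == "__main__":
    print(hash_bytes(b"constructed sample content"))
    print(parse_vt_report(VT_REPORT))
```

A single generic hit such as the one above is weak evidence on its own; the file name, its unsigned status and the size reported alongside the hashes are what make the report useful to whoever is reviewing it.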

08.09.2010, 09:40 #12
Chris4You

Hi,

The MBR log is still not complete, although it is longer than in the first post... it breaks off in the middle.. the result is missing!

Run MBRCheck.exe again, answer the question with yes,
then 1, disk to dump 0 and file name mbr.dat.
Then please upload the saved MBR (the mbr.dat) here:
http://www.trojaner-board.de/54791-a...ner-board.html

SuperAntiSpyware:
Instructions & download here: http://www.trojaner-board.de/51871-a...tispyware.html

The MBR will then be examined (takes about 1 day)...

chris
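The mbr.dat requested above is the raw first sector of disk 0: 446 bytes of boot code, a four-entry partition table and the 0x55AA signature. The following is an added example, not part of this thread and not MBRCheck's or Bootkit Remover's code: it builds a constructed 512-byte MBR, parses it into its fields, and runs the plain sanity checks an analyst applies to such a dump (signature present, exactly one active partition, no overlapping partitions, boot-code hash unchanged against a baseline recorded when the machine was known good). The sample sector, the partition layout and the baseline-hash comparison are all constructed for the example; the boot code in it is a placeholder, not real boot code.

```python
import hashlib
import struct
from typing import Dict, List, Optional

SECTOR = 512
BOOTCODE = 446           # bytes of boot code before the partition table
ENTRY = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def _entry(bootable: bool, ptype: int, start_lba: int, sectors: int) -> bytes:
    # CHS fields are zeroed; modern boot code and tools rely on the LBA fields
    return struct.pack(ENTRY, 0x80 if bootable else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", start_lba, sectors)


def build_sample_mbr() -> bytes:
    """Constructed MBR: placeholder boot code, two NTFS (0x07) partitions, valid signature."""
    boot_code = b"\xfa\x33\xc0" + b"\x00" * (BOOTCODE - 3)  # placeholder, not real boot code
    table = (_entry(True, 0x07, 2048, 204800)
             + _entry(False, 0x07, 206848, 409600)
             + b"\x00" * 32)  # two empty slots
    return boot_code + table + SIGNATURE


def parse_mbr(sector: bytes) -> Dict:
    """Split a 512-byte sector into signature flag, boot-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for slot in range(4):
        off = BOOTCODE + 16 * slot
        status, _, ptype, _, start, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE]).hexdigest(),
        "partitions": parts,
    }


def sanity_findings(info: Dict, known_bootcode_sha256: Optional[str] = None) -> List[str]:
    """Human-readable findings; an empty list means nothing looked wrong."""
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions flagged bootable (expected 1)")
    ordered = sorted(info["partitions"], key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append(f"partition slots {a['slot']} and {b['slot']} overlap")
    if known_bootcode_sha256 and info["bootcode_sha256"] != known_bootcode_sha256:
        findings.append("boot code differs from the recorded baseline")
    return findings


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(info["partitions"])
    print(sanity_findings(info) or "no findings")
```

To use it on a real dump, read the 512 bytes of mbr.dat and pass them to `parse_mbr`; a boot-code hash that differs from the one recorded for the same machine is the signal worth following up, since the partition table itself is normally unchanged by an infected MBR.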

08.09.2010, 10:46 #13
Kékfrankos

Hello,

Thanks for your reply. So I ran MBRCheck again. In the black window that opened I pressed "1" and then Enter. Now there is a bit more.
A question I had to answer with yes did not come up. And this....

Quote:
disk to dump 0 and file name mbr.dat.
....I'm afraid I don't understand at all. Sorry.
I have uploaded the new MBR file.

I am now running SuperAntiSpyware too.
Many thanks and best regards.

By the way....... I also have the thing with the TANs in online banking (which was dealt with here recently as well). A security window with the TANs opens for me too.

08.09.2010, 11:28 #14
Chris4You

Hi,

Here it is again as a picture; please upload the mbr.dat, not the text file!


If you also have the banking trojan on there, then we have to approach the matter differently...

Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Switch the antivirus solution off completely, in such a way that it does NOT switch itself back on after a reboot!

Note: In a few rare cases it can happen that the computer can no longer boot and has to be set up again!

Close all windows, start combofix.exe and confirm the following prompt with 1 and press Enter.

The Combofix scan can take some time, so be patient. Please do nothing on the computer during the scan.
The computer may be restarted in between.

chris

08.09.2010, 11:34 #15
Kékfrankos

Quote:
Quote from Chris4You

Note: In a few rare cases it can happen that the computer can no longer boot and has to be set up again!
That sounds dangerous. I don't have an operating system CD any more.



Best regards

Edited by Kékfrankos (08.09.2010 at 11:44)
