
Log analysis and evaluation: Windows Recovery Trojan - initial cleanup and a question about an external hard drive


 
26.04.2011, 00:17   #1
michimayer
 
Windows Recovery Trojan - initial cleanup and a question about an external hard drive



Hello,

I use Windows Vista (32-bit) and caught the Windows Recovery Trojan on Easter Sunday between 10:00 and 11:00 while browsing with Mozilla Firefox.

At that moment I conveniently had my external hard drive connected, the one I always back up my important data to.

I have since disconnected this external hard drive, and here is the first log file of a full scan of the internal hard drive with Malwarebytes, which was recommended in other forum posts. (I have NOT YET scanned the external hard drive!)

Does anyone have suggestions on how I should proceed, especially with my external hard drive?

Of course I only came across this forum because of my current Trojan, and while reading other posts I saw how well people apparently get helped here. I am quite active in the volunteer fire brigade and luckily rarely need help from other people myself, but now I am the one who can be helped, even if it's only a trifle compared with other things. The feeling when you realise that help is within reach is great.
Even if I should not receive any replies to my post, I would already like to thank the authors of the other threads I have read here, which have already helped me a good deal!

Many thanks!



------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.04.2011 00:50:41
mbam-log-2011-04-26 (00-50-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 416648
Laufzeit: 1 Stunde(n), 48 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iCEyocHtffAu (Trojan.FakeAlert) -> Value: iCEyocHtffAu -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\iceyochtffau.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\43966216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Local\Temp\tmp82C6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Local\Temp\0.6968273654595298.exe (Malware.Gen) -> Quarantined and deleted successfully.
d:\eigene dateien\CD1\eigene dateien\Internet\piapbz.exe (PUP.Joke.Zoodesk) -> Quarantined and deleted successfully.
d:\eigene dateien\Internet\downloads\divxpro502gainbundle.exe (Adware.Gain) -> Quarantined and deleted successfully.
c:\Users\michi mayer\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

After the Malwarebytes run I then ran rkill.exe with the following result:

----
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.04.2011 at 1:52:45.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe


Rkill completed on 26.04.2011 at 1:53:00.

------------------------

Since rkill.exe still had to close something after the full scan with Malwarebytes, I don't trust the quick scans that everything is supposedly gone now.
I'm posting the OTL log here already, and tomorrow I'll probably do another full scan with Malwarebytes after running rkill.exe again.

----------OTL Logfile:
Code:
OTL logfile created on: 26.04.2011 02:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 33,27 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI)
DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys ()
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ***
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.***.**/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.http: "200.238.83.49"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
 
[2008.07.20 15:02:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions
[2011.04.25 23:57:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions
[2010.04.29 18:42:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 13:58:19 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.19 00:26:13 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com
[2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml
[2011.03.29 10:37:05 | 000,000,950 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml
[2010.11.08 13:58:19 | 000,000,168 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.gif
[2010.11.08 13:58:19 | 000,000,618 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.src
[2011.02.28 18:40:45 | 000,001,056 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch]  File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes
[2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.22 18:07:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training
[2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.18 20:37:03 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.18 20:37:03 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.18 20:37:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.18 20:37:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.18 20:37:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.18 20:37:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.18 20:36:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.18 20:36:19 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.27 19:18:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.27 19:18:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 01:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.26 01:27:29 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 01:27:29 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 01:27:29 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 01:27:29 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 01:21:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 01:21:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 01:21:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 01:20:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 01:20:50 | 3217,498,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 01:18:00 | 000,001,142 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job
[2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 13:02:28 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
[2011.04.24 20:07:10 | 000,000,104 | -H-- | M] () -- C:\Users\Michi Mayer\Desktop\Computer - Verknüpfung (2).lnk
[2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.24 19:06:20 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43966216
[2011.04.24 19:04:48 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~43966216r
[2011.04.24 19:04:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43966216
[2011.04.24 12:18:00 | 000,001,090 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job
[2011.04.24 09:29:40 | 000,002,299 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2011.04.24 09:29:05 | 000,198,935 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2011.04.22 18:35:51 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.19 21:18:51 | 000,002,076 | -H-- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk
[2011.04.03 17:54:47 | 000,189,952 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 20:07:10 | 000,000,104 | -H-- | C] () -- C:\Users\Michi Mayer\Desktop\Computer - Verknüpfung (2).lnk
[2011.04.24 19:04:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~43966216r
[2011.04.24 19:04:48 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43966216
[2011.04.24 11:00:10 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43966216
[2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.05 21:34:59 | 000,000,680 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat
[2010.08.10 14:19:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.11.07 00:23:56 | 000,002,299 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini
[2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat
[2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll
[2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.04.09 22:58:01 | 000,000,099 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat
[2008.04.06 23:40:32 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.06 15:31:23 | 000,189,952 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.06 13:35:21 | 000,198,935 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2008.04.06 13:34:11 | 000,198,935 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat
[2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe
[2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007.12.21 20:50:03 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini
[2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.04.06 19:31:32 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer
[2008.04.23 19:09:05 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser
[2011.04.24 09:30:43 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox
[2010.11.04 19:54:48 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular
[2011.04.01 02:42:30 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ
[2008.04.06 15:12:14 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite
[2010.09.07 23:53:54 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite
[2010.09.07 23:44:44 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung
[2008.04.11 18:38:31 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec
[2011.04.26 01:19:28 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.25 13:02:28 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

And here is the second OTL logfile:

--------OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.04.2011 02:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 33,27 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 488
Description = WinMail (1264) WindowsMail0: Versuch, Datei "C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Mail\WindowsMail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 217
Description = WinMail (1264) WindowsMail0: Fehler (-1032) während der Sicherung 
einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
 Die Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 215
Description = WinMail (1264) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 25.04.2011 18:49:27 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Versuch, Datei "C:\Users\Michi
 Mayer\AppData\Local\Microsoft\Windows Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\DBStore\contacts.pat"
 zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Fehler (-1032) während der
 Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\DBStore\contacts.edb). Die
 Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
 Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
 zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
 Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
 Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
[ System Events ]
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 25.04.2011 06:59:16 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2011 07:03:11 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.04.2011 07:03:21 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.04.2011 07:03:29 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.04.2011 07:07:58 | Computer Name = Michi | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 19:21:15 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


So, now I'm a bit disappointed: even though rkill killed a process beforehand and a few of those fake messages still appeared, Malwarebytes found nothing more, even in the full scan!

----------
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.04.2011 14:24:53
mbam-log-2011-04-26 (14-24-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 416809
Laufzeit: 1 Stunde(n), 43 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

In the meantime I have run unhide.exe and, as far as I can judge, everything looks fine again for now.

Then I tried to run hxxp://support.kaspersky.com/downloads/utils/tdsskiller.exe. The installation seems to have worked, but then NOTHING happens when I try to start it, neither by double-clicking, nor by starting it as administrator, nor by installing it under a different file name.

I'd be grateful for helpful suggestions on what else I can do, and above all on how I should then proceed with my external hard drive.

Thanks in advance ;-)

At first glance the system is running quite stably again.

I have noticed problems with certain uploads, and certain error messages keep appearing without me doing anything. I took screenshots of them, but I don't know how to post them here or whether that is even of interest...

The stuff is probably not completely gone, so if anyone can offer competent help I would be very glad! ;-)

 
