Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 26.04.2011, 00:17   #1
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Cool

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Hallo,

Ich benutze Windows Vista (32Bit) und habe mir am Ostersonntag zwischen 1000 und 1100 Uhr den Windows Recovery Trojaner beim Surfen mit Mozilla Firefox eingefangen.

Zu dem Zeitpunkt hatte ich praktischerweise meine externe Festplatte angeschlossen auf der ich immer meine wichtigen Daten sichere.

Derzeit habe ich diese externe Festplatte inzwischen getrennt und hier das erste Logfile eines Vollscans der eingebauten Festplatte mit Malwarebytes, welches in anderen Forenbeiträgen ja empfohlen wurde. (Die externe Festplatte hab ich jetzt NOCH NICHT gescanned !)

Hat jemand Vorschläge, wie ich weiter verfahren soll, vor allem mit meiner externen Festplatte?

Ich bin natürlich auch nur aufgrund meines aktuellen Trojaners auf dieses Forum gestossen, und habe beim Lesen anderer Beiträge gesehen wie gut einem hier offenbar geholfen werden kann. Ich bin recht aktiv bei der Freiwilligen Feuerwehr und brauche zum Glück selbst recht selten Hilfe von anderen Leuten, aber jetzt bin ich mal der dem geholfen werden kann auch wenn´s im Vergleich mit anderen Sachen nur ne Lappalie ist. Das Gefühl wenn man merkt dass Hilfe greifbar ist, das ist schon toll.
Selbst falls ich auf meinen Beitrag keine Antworten erhalten sollte, möchte ich mich hier schon bei den Autoren in anderen Themen bedanken die ich gelesen habe, und die mir schon ein ganzes Stück helfen konnten!

Vielen Dank!



------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.04.2011 00:50:41
mbam-log-2011-04-26 (00-50-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 416648
Laufzeit: 1 Stunde(n), 48 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iCEyocHtffAu (Trojan.FakeAlert) -> Value: iCEyocHtffAu -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\iceyochtffau.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\43966216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Local\Temp\tmp82C6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Local\Temp\0.6968273654595298.exe (Malware.Gen) -> Quarantined and deleted successfully.
d:\eigene dateien\CD1\eigene dateien\Internet\piapbz.exe (PUP.Joke.Zoodesk) -> Quarantined and deleted successfully.
d:\eigene dateien\Internet\downloads\divxpro502gainbundle.exe (Adware.Gain) -> Quarantined and deleted successfully.
c:\Users\michi mayer\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Nach der Aktion mit Malwarebytes habe ich nun rkill.exe laufen lassen mit folgendem Ergebnis:

----
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 26.04.2011 at 1:52:45.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe


Rkill completed on 26.04.2011 at 1:53:00.

------------------------

Da nach dem Vollscan mit Malwarebytes bei rkill.exe noch was geschlossen werden musste trau ich den quickscans nicht dass nun alles weg sein soll.
Ich poste hier schon mal das OTL-Log, und werd morgen wohl nach erneutem Ausführen von rkill.exe nochmal einen Vollscan mit Malwarebytes durchführen.

----------OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.04.2011 02:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 33,27 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI)
DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys ()
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ***
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.***.**/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.http: "200.238.83.49"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
 
[2008.07.20 15:02:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions
[2011.04.25 23:57:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions
[2010.04.29 18:42:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.08 13:58:19 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.19 00:26:13 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com
[2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml
[2011.03.29 10:37:05 | 000,000,950 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml
[2010.11.08 13:58:19 | 000,000,168 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.gif
[2010.11.08 13:58:19 | 000,000,618 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.src
[2011.02.28 18:40:45 | 000,001,056 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch]  File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes
[2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.22 18:07:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training
[2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.18 20:37:03 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.18 20:37:03 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.18 20:37:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.18 20:37:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.18 20:37:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.18 20:37:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.18 20:36:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.18 20:36:19 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.27 19:18:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.27 19:18:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.26 01:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.26 01:27:29 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 01:27:29 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 01:27:29 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 01:27:29 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 01:21:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.26 01:21:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 01:21:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 01:20:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 01:20:50 | 3217,498,112 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 01:18:00 | 000,001,142 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job
[2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 13:02:28 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
[2011.04.24 20:07:10 | 000,000,104 | -H-- | M] () -- C:\Users\Michi Mayer\Desktop\Computer - Verknüpfung (2).lnk
[2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.24 19:06:20 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43966216
[2011.04.24 19:04:48 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~43966216r
[2011.04.24 19:04:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43966216
[2011.04.24 12:18:00 | 000,001,090 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job
[2011.04.24 09:29:40 | 000,002,299 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2011.04.24 09:29:05 | 000,198,935 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2011.04.22 18:35:51 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.19 21:18:51 | 000,002,076 | -H-- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk
[2011.04.03 17:54:47 | 000,189,952 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 20:07:10 | 000,000,104 | -H-- | C] () -- C:\Users\Michi Mayer\Desktop\Computer - Verknüpfung (2).lnk
[2011.04.24 19:04:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~43966216r
[2011.04.24 19:04:48 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43966216
[2011.04.24 11:00:10 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43966216
[2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.05 21:34:59 | 000,000,680 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat
[2010.08.10 14:19:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.11.07 00:23:56 | 000,002,299 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini
[2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat
[2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll
[2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.04.09 22:58:01 | 000,000,099 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat
[2008.04.06 23:40:32 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.06 15:31:23 | 000,189,952 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.06 13:35:21 | 000,198,935 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2008.04.06 13:34:11 | 000,198,935 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat
[2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe
[2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007.12.21 20:50:03 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini
[2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.04.06 19:31:32 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer
[2008.04.23 19:09:05 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser
[2011.04.24 09:30:43 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox
[2010.11.04 19:54:48 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular
[2011.04.01 02:42:30 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ
[2008.04.06 15:12:14 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite
[2010.09.07 23:53:54 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite
[2010.09.07 23:44:44 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung
[2008.04.11 18:38:31 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec
[2011.04.26 01:19:28 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.25 13:02:28 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

Und noch der 2. OTL Logfile:

--------OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.04.2011 02:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 33,27 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 488
Description = WinMail (1264) WindowsMail0: Versuch, Datei "C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Mail\WindowsMail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 217
Description = WinMail (1264) WindowsMail0: Fehler (-1032) während der Sicherung 
einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
 Die Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 215
Description = WinMail (1264) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 25.04.2011 18:49:27 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Versuch, Datei "C:\Users\Michi
 Mayer\AppData\Local\Microsoft\Windows Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\DBStore\contacts.pat"
 zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Fehler (-1032) während der
 Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\DBStore\contacts.edb). Die
 Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
 Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
 zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
 Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
 Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
[ System Events ]
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 25.04.2011 06:59:16 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.04.2011 07:03:11 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.04.2011 07:03:21 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.04.2011 07:03:29 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.04.2011 07:07:58 | Computer Name = Michi | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 19:21:15 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


So, nun bin ich etwas enttäuscht: Obwohl rkill zuvor noch nen Prozess gekillt hat und auch noch einige diese Fake-Meldungen kamen hat Malwarebytes auch im Vollscan nichts mehr gefunden!

----------
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.04.2011 14:24:53
mbam-log-2011-04-26 (14-24-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 416809
Laufzeit: 1 Stunde(n), 43 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Inzwischen habe ich unhide.exe ausgeführt und es sieht erst mal wieder alles gut aus soweit ich das beurteilen kann.

Dann hab ich versucht hxxp://support.kaspersky.com/downloads/utils/tdsskiller.exe laufen zu lassen. Die Installation scheint geklappt zu haben, aber dann rührt sich NIX wenn ich es starten will, weder durch Doppelklick, noch durch Start als Administrator, noch durch Intallation unter anderem Dateinamen.

Bin für hilfreiche Vorschläge dankbar was ich noch tun kann, vor allem auch wie ich dann mit meiner externen Festplatte verfahren sollte.

Dankeschön schon mal ;-)

Auf den ersten Blick läuft das System soweit wieder ganz stabil.

Probleme habe ich festgestellt bei bestimmten Uploads, und bestimmte Fehlermeldungen tauchen immer wieder auf ohne zutun. Hab Screenshots davon gemacht, weiß aber nicht wie ich die hier posten kann und ob das überhaupt von Interesse ist...

So ganz dürfte das Zeug wohl nicht weg sein, falls mir jemand kompetente Hilfe anbieten kann wäre ich sehr froh! ;-)

Alt 27.04.2011, 20:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Mach bitte ein Update mit Malwarebytes und einen neuen Vollscan, die ext. Platte vorher anschließen und im Vollscan mit einbeziehen.
__________________

__________________

Alt 27.04.2011, 22:45   #3
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Servus Arne,

Danke Dir für den Ratschlag, werd ich spätestens morgen Mittag so probieren wie Du es geschrieben hast mit der externen Festplatte.

In der Zwischenzeit habe ich mir eine 30-Tage-Test-Vollversion von Kaspersky PURE runtergeladen nachdem mir sonst nichts eingefallen ist was ich tun könnte, der ist noch fleißig am scannen, hat bisher 2 Trojaner und 2 Viren gefunden, falls es da am Ende auch noch ein Log gibt werd ich das auch mal hier posten.

Gruß aus Südbayern und vielen Dank,

Michi
__________________

Alt 27.04.2011, 23:05   #4
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Hier jetzt noch das Ergebnis von Kaspersky PURE:

Status: Gelöscht (Ereignisse: 2)
27.04.2011 19:12:36 Gelöscht trojanisches Programm Trojan.Win32.Jorik.SpyEyes.kk C:\Recycle.Bin\Recycle.Bin.exe Hoch

27.04.2011 19:27:04 Gelöscht Virus Virus.Win32.TDSS.e c:\Windows\System32\drivers\volsnap.sys Hoch


Frag mich zwar warum er erst 4 Gefundene Sachen anzeigt wenn in der Liste jetzt nur 2 Auftauchen, aber ich hab ja zum Glück (noch) kein Geld dafür bezahlt...

Alt 28.04.2011, 01:11   #5
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Sodale, nach Aktualisierung Vollscan mit Malwarebytes durchgeführt inklusive externen Platte: Kaspersky hat tatsächlich nicht alles erwischt...

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6459

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28.04.2011 01:57:51
mbam-log-2011-04-28 (01-57-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 461426
Laufzeit: 1 Stunde(n), 41 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
e:\eigene dateien\CD1\eigene dateien\Internet\piapbz.exe (PUP.Joke.Zoodesk) -> Quarantined and deleted successfully.
e:\eigene dateien\Internet\downloads\divxpro502gainbundle.exe (Adware.Gain) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.


Alt 28.04.2011, 01:49   #6
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Hier die neuen OTL Logfiles:

---------------------OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.04.2011 02:32:21 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (CSCrySec) -- C:\Windows\system32\DRIVERS\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (KLBG) -- C:\Windows\system32\DRIVERS\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI)
DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys ()
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.***.**/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.http: "200.238.83.49"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011.04.27 15:17:02 | 000,000,000 | ---D | M]
 
[2008.07.20 15:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions
[2011.04.28 00:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions
[2010.11.08 13:58:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.19 00:26:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com
[2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml
[2011.03.29 10:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml
[2011.04.26 18:57:29 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-3.xml
[2011.02.28 18:40:45 | 000,001,056 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml
[2011.04.27 15:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2009.08.28 19:13:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.26 18:49:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch]  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 18:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.27 18:41:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.27 18:41:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.27 18:41:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.27 18:41:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.27 18:41:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.27 18:41:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.27 18:41:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.27 18:41:44 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.27 18:41:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.27 18:41:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.27 18:41:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.27 18:41:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.27 18:41:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.27 18:41:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.27 18:41:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.27 18:41:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.27 18:41:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.27 18:41:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.27 18:41:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.27 18:41:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.27 18:41:34 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.27 18:41:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.27 18:41:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.27 18:41:33 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.27 18:41:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.27 18:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.27 18:41:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.27 18:41:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.27 18:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.27 18:41:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.27 18:41:27 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.27 18:41:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.27 18:41:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.27 18:41:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.27 18:41:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.27 18:41:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.27 18:41:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.27 18:41:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.27 15:18:09 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2011.04.27 15:18:09 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2011.04.27 15:15:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch
[2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2011.04.27 15:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.04.27 15:14:57 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.04.27 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.26 18:49:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes
[2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training
[2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 02:18:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job
[2011.04.28 02:11:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 02:11:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 02:11:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 02:11:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 02:07:14 | 000,002,299 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2011.04.28 02:06:54 | 000,198,935 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2011.04.28 02:06:11 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.04.28 02:05:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 02:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 02:04:34 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 01:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 20:09:16 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.04.27 18:42:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.27 18:42:54 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.27 18:41:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.27 18:41:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.27 18:41:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.27 18:41:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.27 18:41:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.27 18:41:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.27 18:41:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.27 18:41:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.27 18:41:44 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.27 18:41:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.27 18:41:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.27 18:41:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.27 18:41:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.27 18:41:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.27 18:41:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.27 18:41:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.27 18:41:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.27 18:41:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.27 18:41:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.27 18:41:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.27 18:41:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.27 18:41:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.27 18:41:34 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.27 18:41:34 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.27 18:41:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.27 18:41:33 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.27 18:41:30 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.27 18:41:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.27 18:41:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.27 18:41:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.27 18:41:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.27 18:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.27 18:41:27 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.27 18:41:27 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.27 18:41:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.27 18:41:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.27 18:41:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.27 18:41:25 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.27 18:41:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.27 18:41:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.27 18:12:25 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.27 18:12:24 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
[2011.04.27 15:14:57 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.04.27 12:18:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job
[2011.04.26 18:49:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.26 15:05:14 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.19 21:18:51 | 000,002,076 | ---- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk
[2011.04.03 17:54:47 | 000,189,952 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 18:41:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.27 15:19:09 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.27 15:19:09 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.05 21:34:59 | 000,000,680 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat
[2010.08.10 14:19:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.11.07 00:23:56 | 000,002,299 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini
[2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat
[2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll
[2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.04.09 22:58:01 | 000,000,099 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat
[2008.04.06 23:40:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.06 15:31:23 | 000,189,952 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.06 13:35:21 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2008.04.06 13:34:11 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat
[2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe
[2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007.12.21 20:50:03 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini
[2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.04.06 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer
[2008.04.23 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser
[2011.04.28 02:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox
[2010.11.04 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular
[2011.04.01 02:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ
[2008.04.06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite
[2010.09.07 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite
[2010.09.07 23:44:44 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung
[2008.04.11 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec
[2011.04.28 01:59:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.04.2011 02:32:21 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
 Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
 zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
 Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
 Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 26.04.2011 06:29:42 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.0.112, Zeitstempel 0x4d4037c2,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xe0fafafa, Fehleroffset 0x00000000,  Prozess-ID 0x14bc, Anwendungsstartzeit 01cc03f93c29fae1.
 
Error - 26.04.2011 12:49:57 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OTL.exe, Version 3.2.22.3, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
 0xc0000005, Fehleroffset 0x0004a132,  Prozess-ID 0x12b4, Anwendungsstartzeit 01cc0431d236cc36.
 
Error - 27.04.2011 08:59:47 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 27.04.2011 09:02:26 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 27.04.2011 13:01:20 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x022f1860,  Prozess-ID 0x1870, Anwendungsstartzeit
 01cc04fc9a75d0fc.
 
Error - 27.04.2011 18:01:10 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 26.04.2011 12:52:28 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.04.2011 12:56:10 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 27.04.2011 05:13:55 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 09:12:02 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 09:12:46 | Computer Name = Michi | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 27.04.2011 13:23:17 | Computer Name = Michi | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 27.04.2011 13:26:35 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 20:05:48 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 28.04.2011, 01:50   #7
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Hier die neuen OTL Logfiles:

---------------------OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.04.2011 02:32:21 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (CSCrySec) -- C:\Windows\system32\DRIVERS\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (KLBG) -- C:\Windows\system32\DRIVERS\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI)
DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI)
DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI)
DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI)
DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI)
DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI)
DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI)
DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys ()
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.***.**/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.http: "200.238.83.49"
FF - prefs.js..network.proxy.http_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011.04.27 15:17:02 | 000,000,000 | ---D | M]
 
[2008.07.20 15:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions
[2011.04.28 00:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions
[2010.11.08 13:58:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.19 00:26:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com
[2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml
[2011.03.29 10:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml
[2011.04.26 18:57:29 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-3.xml
[2011.02.28 18:40:45 | 000,001,056 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml
[2011.04.27 15:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2009.08.28 19:13:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.26 18:49:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch]  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel]  File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun
O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun
O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 18:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.27 18:41:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.27 18:41:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.27 18:41:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.27 18:41:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.27 18:41:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.27 18:41:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.27 18:41:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.27 18:41:44 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.27 18:41:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.27 18:41:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.27 18:41:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.27 18:41:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.27 18:41:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.27 18:41:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.27 18:41:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.27 18:41:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.27 18:41:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.27 18:41:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.27 18:41:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.27 18:41:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.27 18:41:34 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.27 18:41:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.27 18:41:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.27 18:41:33 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.27 18:41:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.27 18:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.27 18:41:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.27 18:41:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.27 18:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.27 18:41:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.27 18:41:27 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.27 18:41:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.27 18:41:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.27 18:41:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.27 18:41:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.27 18:41:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.27 18:41:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.27 18:41:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.27 15:18:09 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys
[2011.04.27 15:18:09 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
[2011.04.27 15:15:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch
[2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2011.04.27 15:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.04.27 15:14:57 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.04.27 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.26 18:49:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes
[2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training
[2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 02:18:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job
[2011.04.28 02:11:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 02:11:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 02:11:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 02:11:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 02:07:14 | 000,002,299 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2011.04.28 02:06:54 | 000,198,935 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2011.04.28 02:06:11 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.04.28 02:05:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 02:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 02:04:34 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.28 01:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 20:09:16 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.04.27 18:42:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.27 18:42:54 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.27 18:41:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.27 18:41:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.27 18:41:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.27 18:41:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.27 18:41:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.27 18:41:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.27 18:41:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.27 18:41:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.27 18:41:44 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.27 18:41:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.27 18:41:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.27 18:41:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.27 18:41:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.27 18:41:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.27 18:41:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.27 18:41:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.27 18:41:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.27 18:41:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.27 18:41:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.27 18:41:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.27 18:41:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.27 18:41:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.27 18:41:34 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.27 18:41:34 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.27 18:41:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.27 18:41:33 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.27 18:41:30 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.27 18:41:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.27 18:41:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.27 18:41:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.27 18:41:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.27 18:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.27 18:41:27 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.27 18:41:27 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.27 18:41:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.27 18:41:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.27 18:41:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.27 18:41:25 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.27 18:41:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.27 18:41:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.27 18:12:25 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.27 18:12:24 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
[2011.04.27 15:14:57 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2011.04.27 12:18:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job
[2011.04.26 18:49:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.26 15:05:14 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.19 21:18:51 | 000,002,076 | ---- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk
[2011.04.03 17:54:47 | 000,189,952 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 18:41:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.27 15:19:09 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.04.27 15:19:09 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.05 21:34:59 | 000,000,680 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat
[2010.08.10 14:19:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.11.07 00:23:56 | 000,002,299 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini
[2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini
[2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat
[2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll
[2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.04.09 22:58:01 | 000,000,099 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat
[2008.04.06 23:40:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.06 15:31:23 | 000,189,952 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.06 13:35:21 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001
[2008.04.06 13:34:11 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat
[2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe
[2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007.12.21 20:50:03 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini
[2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.04.06 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer
[2008.04.23 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser
[2011.04.28 02:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox
[2010.11.04 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular
[2011.04.01 02:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ
[2008.04.06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite
[2010.09.07 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite
[2010.09.07 23:44:44 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung
[2008.04.11 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec
[2011.04.28 01:59:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.04.2011 02:32:21 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS
 
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe | 
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
 Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
 zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
 Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
 Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
 Datenbank kann nicht wiederhergestellt werden.
 
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
 Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
 weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 26.04.2011 06:29:42 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.0.112, Zeitstempel 0x4d4037c2,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xe0fafafa, Fehleroffset 0x00000000,  Prozess-ID 0x14bc, Anwendungsstartzeit 01cc03f93c29fae1.
 
Error - 26.04.2011 12:49:57 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OTL.exe, Version 3.2.22.3, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
 0xc0000005, Fehleroffset 0x0004a132,  Prozess-ID 0x12b4, Anwendungsstartzeit 01cc0431d236cc36.
 
Error - 27.04.2011 08:59:47 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 27.04.2011 09:02:26 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = 
 
Error - 27.04.2011 13:01:20 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x022f1860,  Prozess-ID 0x1870, Anwendungsstartzeit
 01cc04fc9a75d0fc.
 
Error - 27.04.2011 18:01:10 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 26.04.2011 12:52:28 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.04.2011 12:56:10 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 27.04.2011 05:13:55 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 09:12:02 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 09:12:46 | Computer Name = Michi | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 27.04.2011 13:23:17 | Computer Name = Michi | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 27.04.2011 13:26:35 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.04.2011 20:05:48 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 28.04.2011, 02:02   #8
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Inzwischen funktioniert auch plötzlich der TDSSKiller (Liegt das daran dass ich Kaspersky PURE installiert habe oder hat der Virus das vorher verhindert?)

Hat aber nix gefunden, hier der Report davon:

----------
2011/04/28 02:58:18.0800 4692 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 02:58:19.0190 4692 ================================================================================
2011/04/28 02:58:19.0190 4692 SystemInfo:
2011/04/28 02:58:19.0190 4692
2011/04/28 02:58:19.0190 4692 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/28 02:58:19.0190 4692 Product type: Workstation
2011/04/28 02:58:19.0190 4692 ComputerName: MICHI
2011/04/28 02:58:19.0190 4692 UserName: Michi Mayer
2011/04/28 02:58:19.0190 4692 Windows directory: C:\Windows
2011/04/28 02:58:19.0190 4692 System windows directory: C:\Windows
2011/04/28 02:58:19.0190 4692 Processor architecture: Intel x86
2011/04/28 02:58:19.0190 4692 Number of processors: 2
2011/04/28 02:58:19.0190 4692 Page size: 0x1000
2011/04/28 02:58:19.0190 4692 Boot type: Normal boot
2011/04/28 02:58:19.0190 4692 ================================================================================
2011/04/28 02:58:19.0534 4692 Initialize success
2011/04/28 02:58:22.0279 5760 ================================================================================
2011/04/28 02:58:22.0279 5760 Scan started
2011/04/28 02:58:22.0279 5760 Mode: Manual;
2011/04/28 02:58:22.0279 5760 ================================================================================
2011/04/28 02:58:22.0856 5760 A310 (97bd2e0ac8484705fcbe88aa006f0a94) C:\Windows\system32\DRIVERS\AVerA310USB.sys
2011/04/28 02:58:22.0934 5760 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/28 02:58:22.0981 5760 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/28 02:58:23.0059 5760 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/28 02:58:23.0106 5760 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/28 02:58:23.0122 5760 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/28 02:58:23.0215 5760 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/28 02:58:23.0309 5760 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/28 02:58:23.0371 5760 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/28 02:58:23.0449 5760 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/28 02:58:23.0480 5760 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/28 02:58:23.0527 5760 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/28 02:58:23.0574 5760 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/28 02:58:23.0605 5760 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/28 02:58:23.0652 5760 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/28 02:58:23.0699 5760 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/28 02:58:23.0792 5760 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/28 02:58:23.0839 5760 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/28 02:58:23.0933 5760 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/28 02:58:23.0964 5760 BDASwCap (9805c435f9f58e782bffbdd623daa007) C:\Windows\system32\drivers\AVerA310Cap.sys
2011/04/28 02:58:24.0026 5760 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/28 02:58:24.0136 5760 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/28 02:58:24.0167 5760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/28 02:58:24.0198 5760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/28 02:58:24.0229 5760 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/28 02:58:24.0245 5760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/28 02:58:24.0292 5760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/28 02:58:24.0307 5760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/28 02:58:24.0338 5760 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/28 02:58:24.0448 5760 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/28 02:58:24.0510 5760 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/28 02:58:24.0572 5760 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/28 02:58:24.0650 5760 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/28 02:58:24.0744 5760 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/28 02:58:24.0791 5760 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/28 02:58:24.0853 5760 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/28 02:58:24.0884 5760 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/28 02:58:24.0916 5760 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/28 02:58:24.0994 5760 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys
2011/04/28 02:58:25.0087 5760 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
2011/04/28 02:58:25.0150 5760 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/28 02:58:25.0228 5760 dgderdrv (3be1651c63954067940e7f473498ad70) C:\Windows\system32\drivers\dgderdrv.sys
2011/04/28 02:58:25.0368 5760 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/28 02:58:25.0415 5760 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/28 02:58:25.0477 5760 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/28 02:58:25.0540 5760 DVBUSB_0064_Sevice (e02bf27b7660714357fd8db4c0b74d7c) C:\Windows\system32\DRIVERS\usb_0064.sys
2011/04/28 02:58:25.0602 5760 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/28 02:58:25.0649 5760 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/28 02:58:25.0742 5760 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/28 02:58:25.0852 5760 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/28 02:58:26.0132 5760 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/28 02:58:26.0210 5760 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/28 02:58:26.0273 5760 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/28 02:58:26.0335 5760 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/28 02:58:26.0366 5760 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/28 02:58:26.0398 5760 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/28 02:58:26.0460 5760 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/28 02:58:26.0554 5760 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/28 02:58:26.0632 5760 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
2011/04/28 02:58:26.0694 5760 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/28 02:58:26.0741 5760 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/28 02:58:26.0834 5760 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/28 02:58:26.0912 5760 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/28 02:58:26.0959 5760 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/28 02:58:27.0022 5760 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/28 02:58:27.0068 5760 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/28 02:58:27.0115 5760 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/28 02:58:27.0146 5760 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/28 02:58:27.0209 5760 HSF_DPV (347385d69c15e3d045aa1cb46e4cb86d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/28 02:58:27.0271 5760 HSXHWAZL (919337d853703267da203e79a0ac1f2b) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/28 02:58:27.0334 5760 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/28 02:58:27.0365 5760 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/28 02:58:27.0427 5760 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/28 02:58:27.0490 5760 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/28 02:58:27.0536 5760 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/28 02:58:27.0630 5760 IDSvix86 (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys
2011/04/28 02:58:27.0802 5760 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/28 02:58:27.0895 5760 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/04/28 02:58:28.0036 5760 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/28 02:58:28.0114 5760 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/28 02:58:28.0160 5760 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/28 02:58:28.0254 5760 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/28 02:58:28.0316 5760 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/28 02:58:28.0363 5760 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/28 02:58:28.0379 5760 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/28 02:58:28.0441 5760 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/28 02:58:28.0472 5760 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/28 02:58:28.0504 5760 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/28 02:58:28.0550 5760 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/28 02:58:28.0613 5760 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/28 02:58:28.0831 5760 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/04/28 02:58:28.0878 5760 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys
2011/04/28 02:58:28.0940 5760 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys
2011/04/28 02:58:28.0972 5760 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
2011/04/28 02:58:29.0003 5760 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/04/28 02:58:29.0081 5760 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/28 02:58:29.0174 5760 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/28 02:58:29.0252 5760 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/28 02:58:29.0268 5760 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/28 02:58:29.0299 5760 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/28 02:58:29.0362 5760 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/28 02:58:29.0424 5760 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/28 02:58:29.0455 5760 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/28 02:58:29.0518 5760 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/28 02:58:29.0580 5760 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/28 02:58:29.0627 5760 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/28 02:58:29.0674 5760 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/28 02:58:29.0752 5760 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/28 02:58:29.0814 5760 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/28 02:58:29.0876 5760 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/28 02:58:29.0908 5760 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/28 02:58:29.0970 5760 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/28 02:58:30.0017 5760 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/28 02:58:30.0064 5760 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/28 02:58:30.0079 5760 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/28 02:58:30.0110 5760 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/28 02:58:30.0142 5760 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/28 02:58:30.0204 5760 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/28 02:58:30.0266 5760 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/28 02:58:30.0329 5760 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/28 02:58:30.0360 5760 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/28 02:58:30.0407 5760 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/28 02:58:30.0469 5760 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/28 02:58:30.0516 5760 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/28 02:58:30.0547 5760 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/28 02:58:30.0578 5760 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/28 02:58:30.0656 5760 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/28 02:58:30.0750 5760 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/28 02:58:30.0812 5760 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/28 02:58:30.0875 5760 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/28 02:58:30.0937 5760 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/28 02:58:31.0000 5760 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/28 02:58:31.0031 5760 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/28 02:58:31.0109 5760 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/28 02:58:31.0265 5760 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/04/28 02:58:31.0405 5760 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/04/28 02:58:31.0452 5760 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/28 02:58:31.0514 5760 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/28 02:58:31.0577 5760 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/28 02:58:31.0670 5760 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/28 02:58:31.0717 5760 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/28 02:58:31.0748 5760 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/28 02:58:31.0826 5760 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/04/28 02:58:31.0858 5760 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/28 02:58:32.0092 5760 nvlddmkm (fd0ee4fa45ff58f6c9932b4265a83ba4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/28 02:58:32.0185 5760 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/28 02:58:32.0216 5760 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/28 02:58:32.0232 5760 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/28 02:58:32.0357 5760 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/28 02:58:32.0466 5760 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/28 02:58:32.0528 5760 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/28 02:58:32.0560 5760 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/28 02:58:32.0622 5760 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/04/28 02:58:32.0684 5760 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/28 02:58:32.0731 5760 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/28 02:58:32.0794 5760 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/28 02:58:32.0872 5760 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/28 02:58:32.0996 5760 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/28 02:58:33.0028 5760 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/28 02:58:33.0106 5760 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/28 02:58:33.0137 5760 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/04/28 02:58:33.0168 5760 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
2011/04/28 02:58:33.0199 5760 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
2011/04/28 02:58:33.0262 5760 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/28 02:58:33.0293 5760 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/28 02:58:33.0355 5760 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/28 02:58:33.0418 5760 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/28 02:58:33.0480 5760 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/28 02:58:33.0542 5760 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/28 02:58:33.0605 5760 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/28 02:58:33.0667 5760 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/28 02:58:33.0730 5760 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/28 02:58:33.0808 5760 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/28 02:58:33.0839 5760 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/28 02:58:33.0870 5760 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/28 02:58:33.0948 5760 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/28 02:58:33.0979 5760 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/28 02:58:34.0026 5760 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/28 02:58:34.0104 5760 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/28 02:58:34.0166 5760 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/28 02:58:34.0229 5760 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/28 02:58:34.0260 5760 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/28 02:58:34.0307 5760 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/28 02:58:34.0338 5760 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/28 02:58:34.0354 5760 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/28 02:58:34.0385 5760 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/28 02:58:34.0447 5760 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/28 02:58:34.0525 5760 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/28 02:58:34.0572 5760 sea1bus (d2654321192037bae90204e2fa6697ce) C:\Windows\system32\DRIVERS\sea1bus.sys
2011/04/28 02:58:34.0634 5760 sea1mdfl (8146d9ec5142bd364956d3807f09ca9a) C:\Windows\system32\DRIVERS\sea1mdfl.sys
2011/04/28 02:58:34.0681 5760 sea1mdm (afe065da777dc4408c64df5c87472bb9) C:\Windows\system32\DRIVERS\sea1mdm.sys
2011/04/28 02:58:34.0744 5760 sea1mgmt (a0bbd60222ad053d52f3a5c4f79904c7) C:\Windows\system32\DRIVERS\sea1mgmt.sys
2011/04/28 02:58:34.0790 5760 sea1nd5 (6549babfc3362f1621a8c0eff288fb14) C:\Windows\system32\DRIVERS\sea1nd5.sys
2011/04/28 02:58:34.0837 5760 sea1obex (957510ab44e84497733f53322351f6e8) C:\Windows\system32\DRIVERS\sea1obex.sys
2011/04/28 02:58:34.0853 5760 sea1unic (c1517e6a7ce1191ab076472bdf1b0e6e) C:\Windows\system32\DRIVERS\sea1unic.sys
2011/04/28 02:58:34.0915 5760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/28 02:58:34.0962 5760 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/28 02:58:34.0978 5760 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/28 02:58:35.0009 5760 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/28 02:58:35.0087 5760 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/28 02:58:35.0102 5760 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/28 02:58:35.0165 5760 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/28 02:58:35.0180 5760 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/28 02:58:35.0243 5760 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/28 02:58:35.0274 5760 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/28 02:58:35.0321 5760 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/28 02:58:35.0383 5760 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/28 02:58:35.0492 5760 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/04/28 02:58:35.0570 5760 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/28 02:58:35.0633 5760 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/28 02:58:35.0711 5760 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/28 02:58:35.0742 5760 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/28 02:58:35.0804 5760 sscebus (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys
2011/04/28 02:58:35.0867 5760 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys
2011/04/28 02:58:35.0929 5760 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys
2011/04/28 02:58:36.0038 5760 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/28 02:58:36.0101 5760 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/28 02:58:36.0148 5760 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/04/28 02:58:36.0179 5760 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/28 02:58:36.0210 5760 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/28 02:58:36.0257 5760 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/28 02:58:36.0366 5760 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/28 02:58:36.0413 5760 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/28 02:58:36.0475 5760 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/28 02:58:36.0522 5760 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/28 02:58:36.0553 5760 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/28 02:58:36.0616 5760 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/28 02:58:36.0662 5760 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/28 02:58:36.0740 5760 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/28 02:58:36.0803 5760 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/28 02:58:36.0850 5760 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/28 02:58:36.0896 5760 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/28 02:58:36.0959 5760 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/28 02:58:37.0006 5760 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/28 02:58:37.0052 5760 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/28 02:58:37.0084 5760 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/28 02:58:37.0115 5760 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/28 02:58:37.0162 5760 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/28 02:58:37.0240 5760 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/28 02:58:37.0286 5760 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/28 02:58:37.0318 5760 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/28 02:58:37.0364 5760 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/28 02:58:37.0427 5760 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/28 02:58:37.0458 5760 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/28 02:58:37.0505 5760 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/28 02:58:37.0552 5760 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/28 02:58:37.0583 5760 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/28 02:58:37.0630 5760 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/28 02:58:37.0708 5760 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/28 02:58:37.0754 5760 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/28 02:58:37.0801 5760 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/28 02:58:37.0832 5760 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/28 02:58:37.0879 5760 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/28 02:58:37.0895 5760 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/28 02:58:37.0957 5760 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/28 02:58:38.0035 5760 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/28 02:58:38.0082 5760 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/28 02:58:38.0129 5760 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/28 02:58:38.0160 5760 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/28 02:58:38.0222 5760 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 02:58:38.0238 5760 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 02:58:38.0285 5760 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/28 02:58:38.0347 5760 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/28 02:58:38.0456 5760 winachsf (3344b5c3209e538291398ff12f895155) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/28 02:58:38.0488 5760 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
2011/04/28 02:58:38.0581 5760 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
2011/04/28 02:58:38.0644 5760 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/28 02:58:38.0737 5760 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/28 02:58:38.0815 5760 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/28 02:58:38.0893 5760 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/28 02:58:38.0956 5760 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/28 02:58:39.0034 5760 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
2011/04/28 02:58:39.0112 5760 ================================================================================
2011/04/28 02:58:39.0112 5760 Scan finished
2011/04/28 02:58:39.0112 5760 ================================================================================

Alt 28.04.2011, 14:58   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alt 29.04.2011, 14:34   #10
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Servus Arne,

Danke nochmal für Deine Hilfe!

Habe jetzt CoboFix laufen lassen und das Log dazu. Ist noch irgendwas weiteres zu tun?

Schöne Grüße,

Michi

----------------------Combofix Logfile:
Code:
ATTFilter
ComboFix 11-04-28.03 - Michi Mayer 29.04.2011  14:56:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2008 [GMT 2:00]
ausgeführt von:: c:\users\Michi Mayer\Downloads\Cufi.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeB6B8.dll
c:\windows\hide.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-29  ))))))))))))))))))))))))))))))
.
.
2011-04-29 13:06 . 2011-04-29 13:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-29 08:35 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{99FB70AE-3DC1-4D4A-A004-A0239D215B7F}\mpengine.dll
2011-04-28 10:03 . 2009-04-11 06:32	226280	----a-w-	c:\windows\system32\drivers\volsnap.sys
2011-04-27 22:01 . 2011-04-27 22:01	1186056	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 13:19 . 2010-10-01 20:05	162392	----a-w-	c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-04-27 13:19 . 2011-04-27 16:12	115267	----a-w-	c:\windows\system32\drivers\klin.dat
2011-04-27 13:19 . 2011-04-27 16:12	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2011-04-27 13:18 . 2009-12-14 10:44	88632	----a-w-	c:\windows\system32\drivers\CSCrySec.sys
2011-04-27 13:18 . 2009-12-14 10:44	39352	----a-w-	c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-04-27 13:15 . 2011-04-27 13:15	--------	d-----w-	c:\program files\Common Files\InfoWatch
2011-04-27 13:15 . 2011-04-27 13:15	--------	d-----w-	c:\program files\Kaspersky Lab
2011-04-27 13:15 . 2011-04-29 08:28	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-04-27 13:09 . 2011-04-27 13:09	--------	d-----w-	C:\kleaner.tmp
2011-04-27 12:53 . 2011-04-27 12:53	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2011-04-26 16:49 . 2011-04-27 22:01	--------	d-----w-	C:\_OTL
2011-04-25 20:59 . 2011-04-25 20:59	--------	d-----w-	c:\users\Michi Mayer\AppData\Roaming\Malwarebytes
2011-04-25 20:59 . 2011-04-25 20:59	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-25 20:59 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 20:59 . 2011-04-25 20:59	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-22 13:00 . 2000-01-04 04:39	212992	----a-w-	c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-04-18 18:36 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-18 18:36 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-18 18:36 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-27 17:18	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-27 17:18	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-27 17:18	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 19:40 . 2010-05-06 00:40	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 09:32	222080	------w-	c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05	129624	----a-w-	c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-10-27 3365176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-12-14 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2006-12-07 1032192]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Skytel"="Skytel.exe" [2007-12-14 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
.
c:\users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-1-22 1216512]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-21 535336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-07-10 26368]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-07-10 42240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-21 202872]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-01-04 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-01-04 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-01-04 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-01-04 90800]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 41456]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
S3 DVBUSB_0064_Sevice;Cinergy S USB service;c:\windows\system32\DRIVERS\usb_0064.sys [2006-12-29 98304]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-01 36640]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:10]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:10]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job
- c:\users\Michi Mayer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 10:50]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job
- c:\users\Michi Mayer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 10:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.***.**/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.***.**/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-29 15:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-29  15:11:34
ComboFix-quarantined-files.txt  2011-04-29 13:11
.
Vor Suchlauf: 24 Verzeichnis(se), 36.563.988.480 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 37.825.474.560 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DAA5536AB81949236D66B0E178F1A056
         
--- --- ---

Alt 29.04.2011, 20:24   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alt 29.04.2011, 21:11   #12
michimayer
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Oooookay...

GMER ist beim ersten Versuch während des Ausführens irgendwann abgestürzt, beim zweiten Versuch ist gleich am Anfang der ganze PC abgestürzt und musste neu booten.

OSAM will sich irgendwie schon gar nicht richtig entpacken, geschweige denn ausführen lassen.

MBRCheck hat irgendeine Meldung mit "Unknown MBR Code" usw. ausgegeben wonach ich schon dachte das funktioniert auch nicht, es war dann aber dennoch das .txt Dokument da:

------------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 5920G
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 175):
0x82840000 \SystemRoot\system32\ntkrnlpa.exe
0x8280D000 \SystemRoot\system32\hal.dll
0x80608000 \SystemRoot\system32\kdcom.dll
0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067F000 \SystemRoot\system32\PSHED.dll
0x80690000 \SystemRoot\system32\BOOTVID.dll
0x80698000 \SystemRoot\system32\CLFS.SYS
0x806D9000 \SystemRoot\system32\CI.dll
0x82E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E7C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E89000 \SystemRoot\system32\drivers\acpi.sys
0x82ECF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82ED8000 \SystemRoot\system32\drivers\msisadrv.sys
0x82EE0000 \SystemRoot\system32\drivers\pci.sys
0x82F07000 \SystemRoot\system32\DRIVERS\CSCrySec.sys
0x82F1B000 \SystemRoot\System32\drivers\partmgr.sys
0x82F2A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F2D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F37000 \SystemRoot\system32\drivers\volmgr.sys
0x82F46000 \SystemRoot\System32\drivers\volmgrx.sys
0x82F90000 \SystemRoot\system32\drivers\intelide.sys
0x82F97000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82FA5000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AA0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8AAC8000 \SystemRoot\system32\drivers\atapi.sys
0x8AAD0000 \SystemRoot\system32\drivers\ataport.SYS
0x8AAEE000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AB20000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AB30000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8AB39000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC0D000 \SystemRoot\system32\drivers\ndis.sys
0x8AD18000 \SystemRoot\system32\drivers\msrpc.sys
0x8AD43000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AE07000 \SystemRoot\System32\drivers\tcpip.sys
0x8AEF1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B006000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B116000 \SystemRoot\system32\drivers\volsnap.sys
0x8B14F000 \SystemRoot\System32\Drivers\spldr.sys
0x8B157000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8B169000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8B172000 \SystemRoot\System32\Drivers\mup.sys
0x8B181000 \SystemRoot\system32\DRIVERS\klbg.sys
0x8B18E000 \SystemRoot\System32\drivers\ecache.sys
0x8B1B5000 \SystemRoot\system32\drivers\disk.sys
0x8B1C6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B1E7000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFCA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFD5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AFDE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F20D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8F954000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F9F4000 \SystemRoot\System32\drivers\watchdog.sys
0x8F200000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AD7E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AFED000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FC06000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FE01000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9002A000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x90059000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90069000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90077000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90091000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x900A2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x900B6000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x90108000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x9011D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90130000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x9013A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90145000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90173000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90175000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x9017E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90189000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x901A1000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x901A3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x901A7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x901B0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FC93000 \SystemRoot\system32\DRIVERS\storport.sys
0x901DF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FCD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x901EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FCEB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FD0E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FD1D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FD31000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FD46000 \SystemRoot\system32\DRIVERS\termdd.sys
0x901F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FD56000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FD80000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8FD8E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FD98000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FDA5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FDDA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9040D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8ADBC000 \SystemRoot\system32\drivers\portcls.sys
0x8ABAA000 \SystemRoot\system32\drivers\drmk.sys
0x82FB5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9060D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90710000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x907C5000 \SystemRoot\system32\drivers\modem.sys
0x907D2000 \SystemRoot\system32\DRIVERS\hidir.sys
0x907DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x907ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x907F4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90600000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90A0B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x90BB2000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x90BBF000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x9180B000 \SystemRoot\system32\DRIVERS\klif.sys
0x9185C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91865000 \SystemRoot\System32\Drivers\Null.SYS
0x9186C000 \SystemRoot\System32\Drivers\Beep.SYS
0x91873000 \SystemRoot\System32\drivers\vga.sys
0x9187F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x918A0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x918A8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x918B0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x918BB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x918C9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x918D2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91A08000 \SystemRoot\system32\DRIVERS\kl1.sys
0x91F28000 \SystemRoot\system32\DRIVERS\usb_0064.sys
0x91F43000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x91F46000 \SystemRoot\system32\DRIVERS\smb.sys
0x91F5A000 \SystemRoot\system32\drivers\afd.sys
0x91FA2000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91FD4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91FEA000 \SystemRoot\system32\DRIVERS\klim6.sys
0x91FF1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x918E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x918FB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91937000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91941000 \SystemRoot\System32\Drivers\dfsc.sys
0x91A00000 \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
0x91958000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9196F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91978000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x9197F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8AF0C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9B8C0000 \SystemRoot\System32\win32k.sys
0x9198C000 \SystemRoot\System32\drivers\Dxapi.sys
0x91996000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9BAE0000 \SystemRoot\System32\TSDDD.dll
0x9BB00000 \SystemRoot\System32\cdd.dll
0x919A5000 \SystemRoot\system32\drivers\luafv.sys
0xA2805000 \SystemRoot\system32\drivers\spsys.sys
0xA28B5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA28C5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA28EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA28F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA290C000 \SystemRoot\system32\drivers\HTTP.sys
0xA2979000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA2996000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA29AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA29C4000 \SystemRoot\system32\drivers\mrxdav.sys
0x919C8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x90BC6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA29E5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8ABCF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4206000 \SystemRoot\System32\DRIVERS\srv.sys
0xA426D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4283000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA428A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA428E000 \SystemRoot\system32\drivers\peauth.sys
0xA436C000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4376000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4382000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA438A000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0xA43A7000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA43CD000 \SystemRoot\System32\drivers\dgderdrv.sys
0xA43D0000 \SystemRoot\system32\drivers\tdtcp.sys
0xA43DB000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x807B9000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA43E7000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0x76F20000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 SYSTEM
544 C:\Windows\System32\smss.exe
676 csrss.exe
728 C:\Windows\System32\wininit.exe
736 csrss.exe
772 C:\Windows\System32\services.exe
816 C:\Windows\System32\lsass.exe
824 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\winlogon.exe
992 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\SLsvc.exe
1344 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\svchost.exe
1876 C:\Windows\System32\spoolsv.exe
1900 C:\Windows\System32\svchost.exe
488 C:\Acer\ALaunch\ALaunchSvc.exe
808 C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
536 C:\Windows\System32\dgdersvc.exe
1000 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
976 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
1712 C:\Acer\Empowering Technology\eNet\eNet Service.exe
344 C:\Windows\System32\FsUsbExService.Exe
796 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2076 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2140 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2160 C:\Acer\Mobility Center\MobilityService.exe
2200 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2252 C:\Windows\System32\svchost.exe
2276 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2292 C:\Program Files\Acer\Acer VCM\RS_Service.exe
2332 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2404 C:\Windows\System32\svchost.exe
2476 C:\Windows\System32\svchost.exe
2504 C:\Windows\System32\SearchIndexer.exe
2544 C:\Windows\System32\drivers\XAudio.exe
2572 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2608 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2688 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
2912 WmiPrvSE.exe
2984 WmiPrvSE.exe
3092 unsecapp.exe
3492 C:\Windows\System32\alg.exe
3328 C:\Windows\System32\taskeng.exe
3828 C:\Windows\System32\svchost.exe
3140 C:\Windows\System32\taskeng.exe
1816 C:\Windows\System32\dwm.exe
3584 C:\Windows\explorer.exe
3472 C:\Windows\System32\svchost.exe
3176 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
2840 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
1584 C:\Acer\Empowering Technology\eAudio\eAudio.exe
1232 C:\Windows\RtHDVCpl.exe
4276 C:\Program Files\Launch Manager\QtZgAcer.EXE
4284 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4296 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
4340 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
4348 C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe
4356 C:\Windows\WindowsMobile\wmdSync.exe
4416 C:\Windows\System32\rundll32.exe
4444 C:\Program Files\FreePDF_XP\fpassist.exe
4456 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4524 C:\Program Files\Windows Sidebar\sidebar.exe
4560 C:\Windows\ehome\ehtray.exe
4632 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
4656 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
4760 C:\Program Files\Windows Sidebar\sidebar.exe
4856 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
4876 C:\Windows\System32\rundll32.exe
4960 C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe
4992 C:\Windows\ehome\ehmsas.exe
5120 C:\Acer\Empowering Technology\eNet\eNMTray.exe
5296 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
5336 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
5392 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
5556 C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
4008 C:\Program Files\Acer\Acer VCM\acp2HID.exe
4196 taskeng.exe
5168 C:\Windows\System32\conime.exe
4868 C:\Windows\System32\SearchProtocolHost.exe
5800 C:\Windows\System32\SearchFilterHost.exe
3732 dllhost.exe
4432 dllhost.exe
2488 C:\Users\Michi Mayer\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5ce00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Alt 30.04.2011, 01:28   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Standard

Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte



Für OSAM brauchst du WinRAR oder 7zip!

Antwort

Themen zu Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte
aktiv, alles weg, anti-malware, browser.exe, dateien, desktop, eigene bilder, excel.exe, explorer, externe festplatte, festplatte, firefox, forum, frage, iceyochtffau.exe, install.exe, launch, location, logfile, malware.gen, malwarebytes, microsoft, microsoft office word, mozilla, nvlddmkm.sys, office 2007, oldtimer, otl-log, plug-in, pop-up-blocker, remote control, saver, searchplugins, security scan, security update, shortcut, skype.exe, software, start, start menu, studio, surfen, temp, tmp, trojan.fakealert, trojan.fakeav, trojaner, vista, visual studio, vorschläge, windows, windows recovery, windows recovery malwarebytes, windows vista



Ähnliche Themen: Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte


  1. Verdacht: Trojaner auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 09.04.2014 (17)
  2. Trojaner Sirefef.Ag.9/Pidief.hck auf 2 PCs + externer Festplatte
    Log-Analyse und Auswertung - 26.02.2013 (3)
  3. Frage zu externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (3)
  4. Dropper und Trojaner in Externer Festplatte - Fake Meldung?
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (4)
  5. Trojaner versteckt Dateien auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (1)
  6. Trojaner auf externer Festplatte - Aus Ordnern wurden Verlinkungen
    Plagegeister aller Art und deren Bekämpfung - 31.01.2012 (3)
  7. ordner in externer festplatte nur verknüpfungen?! Windows cannot find `K: RECYCLER/ 470a1245. hilfe!
    Log-Analyse und Auswertung - 19.12.2011 (13)
  8. Bundespolizei Trojaner - "Erste Rep erfolgt", Recovery möglich ?
    Plagegeister aller Art und deren Bekämpfung - 13.09.2011 (1)
  9. Trojaner auf Externer Festplatte - Kein zuriff auf Ordner
    Plagegeister aller Art und deren Bekämpfung - 05.08.2011 (34)
  10. Windows Vista Recovery(Festplatte Defekt)Trojaner dazu schwarzer Bildschirm und alle Daten versteckt
    Log-Analyse und Auswertung - 31.05.2011 (7)
  11. Gefahr für Mac durch Trojaner/Malware auf externer Festplatte?
    Alles rund um Mac OSX & Linux - 07.04.2011 (39)
  12. Trojaner im Recycler auf externer Festplatte gefunden: TR/Autorun.nt
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (3)
  13. Sparkassen-Trojaner (40 TANs) von externer Festplatte entfernen
    Plagegeister aller Art und deren Bekämpfung - 06.08.2010 (16)
  14. Virus (Trojaner Win32 Fake/AV) auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 03.02.2010 (1)
  15. Trojaner (trojan.downloader) auf externer Festplatte.
    Log-Analyse und Auswertung - 18.05.2009 (0)
  16. Trojaner auf externer Festplatte
    Mülltonne - 03.07.2008 (0)
  17. Frage zu Viren auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 29.09.2007 (1)

Zum Thema Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte - Hallo, Ich benutze Windows Vista (32Bit) und habe mir am Ostersonntag zwischen 1000 und 1100 Uhr den Windows Recovery Trojaner beim Surfen mit Mozilla Firefox eingefangen. Zu dem Zeitpunkt hatte - Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte...
Archiv
Du betrachtest: Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.