| |
| |||||||
Log-Analyse und Auswertung: Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer FestplatteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
26.04.2011, 00:17
| #1 |
| |  Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Hallo, Ich benutze Windows Vista (32Bit) und habe mir am Ostersonntag zwischen 1000 und 1100 Uhr den Windows Recovery Trojaner beim Surfen mit Mozilla Firefox eingefangen. Zu dem Zeitpunkt hatte ich praktischerweise meine externe Festplatte angeschlossen auf der ich immer meine wichtigen Daten sichere. Derzeit habe ich diese externe Festplatte inzwischen getrennt und hier das erste Logfile eines Vollscans der eingebauten Festplatte mit Malwarebytes, welches in anderen Forenbeiträgen ja empfohlen wurde. (Die externe Festplatte hab ich jetzt NOCH NICHT gescanned !) Hat jemand Vorschläge, wie ich weiter verfahren soll, vor allem mit meiner externen Festplatte? Ich bin natürlich auch nur aufgrund meines aktuellen Trojaners auf dieses Forum gestossen, und habe beim Lesen anderer Beiträge gesehen wie gut einem hier offenbar geholfen werden kann. Ich bin recht aktiv bei der Freiwilligen Feuerwehr und brauche zum Glück selbst recht selten Hilfe von anderen Leuten, aber jetzt bin ich mal der dem geholfen werden kann auch wenn´s im Vergleich mit anderen Sachen nur ne Lappalie ist. Das Gefühl wenn man merkt dass Hilfe greifbar ist, das ist schon toll. Selbst falls ich auf meinen Beitrag keine Antworten erhalten sollte, möchte ich mich hier schon bei den Autoren in anderen Themen bedanken die ich gelesen habe, und die mir schon ein ganzes Stück helfen konnten! Vielen Dank! ------ Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6443 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 26.04.2011 00:50:41 mbam-log-2011-04-26 (00-50-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 416648 Laufzeit: 1 Stunde(n), 48 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 9 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iCEyocHtffAu (Trojan.FakeAlert) -> Value: iCEyocHtffAu -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully. Infizierte Dateien: c:\programdata\iceyochtffau.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programdata\43966216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\michi mayer\AppData\Local\Temp\tmp82C6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\michi mayer\AppData\Local\Temp\0.6968273654595298.exe (Malware.Gen) -> Quarantined and deleted successfully. d:\eigene dateien\CD1\eigene dateien\Internet\piapbz.exe (PUP.Joke.Zoodesk) -> Quarantined and deleted successfully. d:\eigene dateien\Internet\downloads\divxpro502gainbundle.exe (Adware.Gain) -> Quarantined and deleted successfully. c:\Users\michi mayer\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. c:\Users\michi mayer\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully. Nach der Aktion mit Malwarebytes habe ich nun rkill.exe laufen lassen mit folgendem Ergebnis: ---- This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 26.04.2011 at 1:52:45. Operating System: Windows Vista (TM) Home Premium Processes terminated by Rkill or while it was running: C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe Rkill completed on 26.04.2011 at 1:53:00. ------------------------ Da nach dem Vollscan mit Malwarebytes bei rkill.exe noch was geschlossen werden musste trau ich den quickscans nicht dass nun alles weg sein soll. Ich poste hier schon mal das OTL-Log, und werd morgen wohl nach erneutem Ausführen von rkill.exe nochmal einen Vollscan mit Malwarebytes durchführen. ----------OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.04.2011 02:05:13 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Michi Mayer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,69 Gb Total Space | 33,27 Gb Free Space | 29,79% Space Free | Partition Type: NTFS Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe () SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI) DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI) DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI) DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI) DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI) DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI) DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI) DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys () DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = *** IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.***.**/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - prefs.js..network.proxy.http: "200.238.83.49" FF - prefs.js..network.proxy.http_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M] [2008.07.20 15:02:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions [2011.04.25 23:57:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions [2010.04.29 18:42:36 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.08 13:58:19 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.19 00:26:13 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com [2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml [2011.03.29 10:37:05 | 000,000,950 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml [2010.11.08 13:58:19 | 000,000,168 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.gif [2010.11.08 13:58:19 | 000,000,618 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.src [2011.02.28 18:40:45 | 000,001,056 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [ALaunch] File not found O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O13 - gopher Prefix: missing O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes [2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.22 18:07:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training [2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.18 20:37:03 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.18 20:37:03 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.18 20:37:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.18 20:37:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.18 20:37:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.18 20:37:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.18 20:36:19 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.18 20:36:19 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.03.27 19:18:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.27 19:18:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll [2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2011.04.26 01:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.26 01:27:29 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.26 01:27:29 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.26 01:27:29 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.26 01:27:29 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.26 01:21:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.26 01:21:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 01:21:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.26 01:20:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.26 01:20:50 | 3217,498,112 | -HS- | M] () -- C:\hiberfil.sys [2011.04.26 01:18:00 | 000,001,142 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job [2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 13:02:28 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job [2011.04.24 20:07:10 | 000,000,104 | -H-- | M] () -- C:\Users\Michi Mayer\Desktop\Computer - Verknüpfung (2).lnk [2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.24 19:06:20 | 000,000,392 | -H-- | M] () -- C:\ProgramData\43966216 [2011.04.24 19:04:48 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~43966216r [2011.04.24 19:04:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43966216 [2011.04.24 12:18:00 | 000,001,090 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job [2011.04.24 09:29:40 | 000,002,299 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini [2011.04.24 09:29:05 | 000,198,935 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001 [2011.04.22 18:35:51 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.19 21:18:51 | 000,002,076 | -H-- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk [2011.04.03 17:54:47 | 000,189,952 | -H-- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.24 20:07:10 | 000,000,104 | -H-- | C] () -- C:\Users\Michi Mayer\Desktop\Computer - Verknüpfung (2).lnk [2011.04.24 19:04:48 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~43966216r [2011.04.24 19:04:48 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43966216 [2011.04.24 11:00:10 | 000,000,392 | -H-- | C] () -- C:\ProgramData\43966216 [2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.05 21:34:59 | 000,000,680 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat [2010.08.10 14:19:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2009.11.07 00:23:56 | 000,002,299 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini [2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini [2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat [2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll [2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys [2008.04.09 22:58:01 | 000,000,099 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat [2008.04.06 23:40:32 | 000,000,032 | -H-- | C] () -- C:\ProgramData\ezsid.dat [2008.04.06 15:31:23 | 000,189,952 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.06 13:35:21 | 000,198,935 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001 [2008.04.06 13:34:11 | 000,198,935 | -H-- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat [2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe [2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2007.12.21 20:50:03 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll [2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini [2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini [2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.04.06 19:31:32 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer [2008.04.23 19:09:05 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser [2011.04.24 09:30:43 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox [2010.11.04 19:54:48 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular [2011.04.01 02:42:30 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ [2008.04.06 15:12:14 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite [2010.09.07 23:53:54 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite [2010.09.07 23:44:44 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung [2008.04.11 18:38:31 | 000,000,000 | -H-D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec [2011.04.26 01:19:28 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.25 13:02:28 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job ========== Purity Check ========== < End of report > Und noch der 2. OTL Logfile: --------OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.04.2011 02:05:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 33,27 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe |
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe |
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 488
Description = WinMail (1264) WindowsMail0: Versuch, Datei "C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Mail\WindowsMail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff
verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 217
Description = WinMail (1264) WindowsMail0: Fehler (-1032) während der Sicherung
einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
Die Datenbank kann nicht wiederhergestellt werden.
Error - 25.04.2011 07:15:04 | Computer Name = Michi | Source = ESENT | ID = 215
Description = WinMail (1264) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 25.04.2011 18:49:27 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Versuch, Datei "C:\Users\Michi
Mayer\AppData\Local\Microsoft\Windows Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\DBStore\contacts.pat"
zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Fehler (-1032) während der
Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\DBStore\contacts.edb). Die
Datenbank kann nicht wiederhergestellt werden.
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
Datenbank kann nicht wiederhergestellt werden.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
[ System Events ]
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description =
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description =
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7022
Description =
Error - 24.04.2011 13:28:24 | Computer Name = Michi | Source = Service Control Manager | ID = 7011
Description =
Error - 25.04.2011 06:59:16 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 25.04.2011 07:03:11 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 25.04.2011 07:03:21 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 25.04.2011 07:03:29 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 25.04.2011 07:07:58 | Computer Name = Michi | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 19:21:15 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
< End of report >
So, nun bin ich etwas enttäuscht: Obwohl rkill zuvor noch nen Prozess gekillt hat und auch noch einige diese Fake-Meldungen kamen hat Malwarebytes auch im Vollscan nichts mehr gefunden! ---------- Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6443 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 26.04.2011 14:24:53 mbam-log-2011-04-26 (14-24-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 416809 Laufzeit: 1 Stunde(n), 43 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Inzwischen habe ich unhide.exe ausgeführt und es sieht erst mal wieder alles gut aus soweit ich das beurteilen kann. Dann hab ich versucht hxxp://support.kaspersky.com/downloads/utils/tdsskiller.exe laufen zu lassen. Die Installation scheint geklappt zu haben, aber dann rührt sich NIX wenn ich es starten will, weder durch Doppelklick, noch durch Start als Administrator, noch durch Intallation unter anderem Dateinamen. Bin für hilfreiche Vorschläge dankbar was ich noch tun kann, vor allem auch wie ich dann mit meiner externen Festplatte verfahren sollte. Dankeschön schon mal ;-) Auf den ersten Blick läuft das System soweit wieder ganz stabil. Probleme habe ich festgestellt bei bestimmten Uploads, und bestimmte Fehlermeldungen tauchen immer wieder auf ohne zutun. Hab Screenshots davon gemacht, weiß aber nicht wie ich die hier posten kann und ob das überhaupt von Interesse ist... So ganz dürfte das Zeug wohl nicht weg sein, falls mir jemand kompetente Hilfe anbieten kann wäre ich sehr froh! ;-) |
|
27.04.2011, 20:02
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Mach bitte ein Update mit Malwarebytes und einen neuen Vollscan, die ext. Platte vorher anschließen und im Vollscan mit einbeziehen.
__________________
__________________ |
|
27.04.2011, 22:45
| #3 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Servus Arne,
__________________Danke Dir für den Ratschlag, werd ich spätestens morgen Mittag so probieren wie Du es geschrieben hast mit der externen Festplatte. In der Zwischenzeit habe ich mir eine 30-Tage-Test-Vollversion von Kaspersky PURE runtergeladen nachdem mir sonst nichts eingefallen ist was ich tun könnte, der ist noch fleißig am scannen, hat bisher 2 Trojaner und 2 Viren gefunden,  falls es da am Ende auch noch ein Log gibt werd ich das auch mal hier posten.Gruß aus Südbayern und vielen Dank, Michi |
|
27.04.2011, 23:05
| #4 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Hier jetzt noch das Ergebnis von Kaspersky PURE: Status: Gelöscht (Ereignisse: 2) 27.04.2011 19:12:36 Gelöscht trojanisches Programm Trojan.Win32.Jorik.SpyEyes.kk C:\Recycle.Bin\Recycle.Bin.exe Hoch 27.04.2011 19:27:04 Gelöscht Virus Virus.Win32.TDSS.e c:\Windows\System32\drivers\volsnap.sys Hoch Frag mich zwar warum er erst 4 Gefundene Sachen anzeigt wenn in der Liste jetzt nur 2 Auftauchen, aber ich hab ja zum Glück (noch) kein Geld dafür bezahlt... |
|
28.04.2011, 01:11
| #5 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Sodale, nach Aktualisierung Vollscan mit Malwarebytes durchgeführt inklusive externen Platte: Kaspersky hat tatsächlich nicht alles erwischt... Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6459 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 28.04.2011 01:57:51 mbam-log-2011-04-28 (01-57-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 461426 Laufzeit: 1 Stunde(n), 41 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: e:\eigene dateien\CD1\eigene dateien\Internet\piapbz.exe (PUP.Joke.Zoodesk) -> Quarantined and deleted successfully. e:\eigene dateien\Internet\downloads\divxpro502gainbundle.exe (Adware.Gain) -> Quarantined and deleted successfully. c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. |
|
28.04.2011, 01:49
| #6 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Hier die neuen OTL Logfiles: ---------------------OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2011 02:32:21 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Michi Mayer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe () SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (CSCrySec) -- C:\Windows\system32\DRIVERS\CSCrySec.sys (Infowatch) DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch) DRV - (KLBG) -- C:\Windows\system32\DRIVERS\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI) DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI) DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI) DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI) DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI) DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI) DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI) DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys () DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.***.**/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - prefs.js..network.proxy.http: "200.238.83.49" FF - prefs.js..network.proxy.http_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011.04.27 15:17:02 | 000,000,000 | ---D | M] [2008.07.20 15:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions [2011.04.28 00:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions [2010.11.08 13:58:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.19 00:26:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com [2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml [2011.03.29 10:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml [2011.04.26 18:57:29 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-3.xml [2011.02.28 18:40:45 | 000,001,056 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml [2011.04.27 15:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2009.08.28 19:13:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.26 18:49:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [ALaunch] File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 18:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.27 18:41:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.27 18:41:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.27 18:41:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.27 18:41:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.27 18:41:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.27 18:41:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.27 18:41:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.27 18:41:44 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.27 18:41:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.27 18:41:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.27 18:41:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.27 18:41:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.27 18:41:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.27 18:41:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.27 18:41:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.27 18:41:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.27 18:41:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.27 18:41:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.27 18:41:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.27 18:41:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.27 18:41:34 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.27 18:41:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.27 18:41:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.27 18:41:33 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.27 18:41:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.27 18:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.27 18:41:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.27 18:41:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.27 18:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.27 18:41:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.27 18:41:27 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.27 18:41:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.27 18:41:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.27 18:41:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.27 18:41:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.27 18:41:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.27 18:41:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.27 18:41:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.27 15:18:09 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys [2011.04.27 15:18:09 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2011.04.27 15:15:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch [2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE [2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2011.04.27 15:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.04.27 15:14:57 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.04.27 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011.04.26 18:49:08 | 000,000,000 | ---D | C] -- C:\_OTL [2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes [2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training [2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll [2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 02:18:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job [2011.04.28 02:11:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.28 02:11:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 02:11:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 02:11:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.28 02:07:14 | 000,002,299 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini [2011.04.28 02:06:54 | 000,198,935 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001 [2011.04.28 02:06:11 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.04.28 02:05:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 02:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 02:04:34 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.04.28 01:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 20:09:16 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.04.27 18:42:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.04.27 18:42:54 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.04.27 18:41:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.27 18:41:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.27 18:41:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.27 18:41:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.27 18:41:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.27 18:41:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.27 18:41:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.27 18:41:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.27 18:41:44 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.27 18:41:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.27 18:41:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.27 18:41:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.27 18:41:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.27 18:41:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.27 18:41:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.27 18:41:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.27 18:41:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.27 18:41:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.27 18:41:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.27 18:41:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.27 18:41:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.27 18:41:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.27 18:41:34 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.27 18:41:34 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.27 18:41:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.27 18:41:33 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.27 18:41:30 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.27 18:41:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.27 18:41:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.27 18:41:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.27 18:41:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.27 18:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.27 18:41:27 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.27 18:41:27 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.27 18:41:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.27 18:41:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.27 18:41:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.27 18:41:25 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.27 18:41:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.27 18:41:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.27 18:12:25 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.04.27 18:12:24 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job [2011.04.27 15:14:57 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.04.27 12:18:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job [2011.04.26 18:49:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011.04.26 15:05:14 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.19 21:18:51 | 000,002,076 | ---- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk [2011.04.03 17:54:47 | 000,189,952 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 18:41:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.04.27 15:19:09 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.04.27 15:19:09 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.05 21:34:59 | 000,000,680 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat [2010.08.10 14:19:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2009.11.07 00:23:56 | 000,002,299 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini [2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini [2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat [2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll [2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys [2008.04.09 22:58:01 | 000,000,099 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat [2008.04.06 23:40:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.04.06 15:31:23 | 000,189,952 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.06 13:35:21 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001 [2008.04.06 13:34:11 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat [2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe [2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2007.12.21 20:50:03 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll [2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini [2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini [2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.04.06 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer [2008.04.23 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser [2011.04.28 02:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox [2010.11.04 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular [2011.04.01 02:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ [2008.04.06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite [2010.09.07 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite [2010.09.07 23:44:44 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung [2008.04.11 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec [2011.04.28 01:59:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job ========== Purity Check ========== < End of report > ------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2011 02:32:21 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe |
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe |
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
Datenbank kann nicht wiederhergestellt werden.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 26.04.2011 06:29:42 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.0.112, Zeitstempel 0x4d4037c2,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xe0fafafa, Fehleroffset 0x00000000, Prozess-ID 0x14bc, Anwendungsstartzeit 01cc03f93c29fae1.
Error - 26.04.2011 12:49:57 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OTL.exe, Version 3.2.22.3, Zeitstempel 0x2a425e19,
fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
0xc0000005, Fehleroffset 0x0004a132, Prozess-ID 0x12b4, Anwendungsstartzeit 01cc0431d236cc36.
Error - 27.04.2011 08:59:47 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
Error - 27.04.2011 09:02:26 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
Error - 27.04.2011 13:01:20 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x022f1860, Prozess-ID 0x1870, Anwendungsstartzeit
01cc04fc9a75d0fc.
Error - 27.04.2011 18:01:10 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7031
Description =
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7034
Description =
Error - 26.04.2011 12:52:28 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 26.04.2011 12:56:10 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 27.04.2011 05:13:55 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 09:12:02 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 09:12:46 | Computer Name = Michi | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 27.04.2011 13:23:17 | Computer Name = Michi | Source = Service Control Manager | ID = 7023
Description =
Error - 27.04.2011 13:26:35 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 20:05:48 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
28.04.2011, 01:50
| #7 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Hier die neuen OTL Logfiles: ---------------------OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2011 02:32:21 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Michi Mayer\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.) PRC - C:\Acer\ALaunch\ALaunchSvc.exe () PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) PRC - C:\Acer\Mobility Center\MobilityService.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Michi Mayer\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (KiesAllShare) -- C:\Programme\Samsung\Kies\WiselinkPro\WiselinkPro.exe () SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe () SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (CSCrySec) -- C:\Windows\system32\DRIVERS\CSCrySec.sys (Infowatch) DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch) DRV - (KLBG) -- C:\Windows\system32\DRIVERS\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\Windows\System32\drivers\sea1unic.sys (MCCI) DRV - (sea1obex) -- C:\Windows\System32\drivers\sea1obex.sys (MCCI) DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\Windows\System32\drivers\sea1nd5.sys (MCCI) DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\sea1mgmt.sys (MCCI) DRV - (sea1mdm) -- C:\Windows\System32\drivers\sea1mdm.sys (MCCI) DRV - (sea1mdfl) -- C:\Windows\System32\drivers\sea1mdfl.sys (MCCI) DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\Windows\System32\drivers\sea1bus.sys (MCCI) DRV - (DVBUSB_0064_Sevice) -- C:\Windows\System32\drivers\USB_0064.sys () DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.***.**/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36605 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - prefs.js..network.proxy.http: "200.238.83.49" FF - prefs.js..network.proxy.http_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 10:36:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 10:36:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011.04.27 15:17:02 | 000,000,000 | ---D | M] [2008.07.20 15:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Extensions [2011.04.28 00:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions [2010.11.08 13:58:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.19 00:26:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Michi Mayer\AppData\Roaming\mozilla\Firefox\Profiles\bo7380gq.default\extensions\piclens@cooliris.com [2011.04.26 01:46:19 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-1.xml [2011.03.29 10:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-2.xml [2011.04.26 18:57:29 | 000,000,950 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin-3.xml [2011.02.28 18:40:45 | 000,001,056 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\searchplugins\icqplugin.xml [2011.04.27 15:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2008.08.12 19:21:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008.12.09 17:12:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.04.11 19:27:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 10:09:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.11.24 11:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.31 03:00:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.06 02:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 11:21:30 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.13 08:03:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.07 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.10 09:31:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.27 15:19:18 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2009.08.28 19:13:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.06 01:47:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.06 01:47:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.06 01:47:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.06 01:47:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.06 01:47:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.26 18:49:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [ALaunch] File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TerraTec Remote Control] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg O24 - Desktop BackupWallPaper: D:\Bilder\Eigene Bilder\Andere Fliegerei\Flugzeuge (Sonstige)\SASB737abovethealps-full.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell - "" = AutoRun O33 - MountPoints2\{a33621cd-70d3-11df-bcbd-f1d3a65c70a5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{dd50489c-743b-11de-a7ae-810c884b6d38}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell - "" = AutoRun O33 - MountPoints2\{f293fe57-c23b-11df-9c7f-001b24f778a3}\Shell\AutoRun\command - "" = E:\ICM_ML.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 18:41:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.27 18:41:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.27 18:41:49 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.27 18:41:47 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.27 18:41:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.27 18:41:47 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.27 18:41:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.27 18:41:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.27 18:41:44 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.27 18:41:44 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.27 18:41:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.27 18:41:42 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.27 18:41:42 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.27 18:41:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.27 18:41:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.27 18:41:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.27 18:41:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.27 18:41:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.27 18:41:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.27 18:41:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.27 18:41:35 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.27 18:41:34 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.27 18:41:34 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.27 18:41:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.27 18:41:33 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.27 18:41:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.27 18:41:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.27 18:41:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.27 18:41:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.27 18:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.27 18:41:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.27 18:41:27 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.27 18:41:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.27 18:41:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.27 18:41:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.27 18:41:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.27 18:41:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.27 18:41:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.27 18:41:24 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.27 15:18:09 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys [2011.04.27 15:18:09 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2011.04.27 15:15:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InfoWatch [2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE [2011.04.27 15:15:41 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab [2011.04.27 15:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.04.27 15:14:57 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.04.27 14:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2011.04.26 18:49:08 | 000,000,000 | ---D | C] -- C:\_OTL [2011.04.25 22:59:29 | 000,000,000 | ---D | C] -- C:\Users\Michi Mayer\AppData\Roaming\Malwarebytes [2011.04.25 22:59:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 22:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 22:59:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.22 15:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIFC-NWCG Training [2011.04.18 20:37:17 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.18 20:37:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.18 20:37:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.18 20:37:14 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.18 20:37:11 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.18 20:36:17 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.10 09:31:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.10 09:30:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.10 09:30:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.09.07 16:34:13 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeB6B8.dll [2008.01.22 19:48:46 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2008.01.22 19:45:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.22 19:45:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2008.01.22 19:45:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.12.21 11:35:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 02:18:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job [2011.04.28 02:11:55 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.28 02:11:55 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 02:11:55 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 02:11:55 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.28 02:07:14 | 000,002,299 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini [2011.04.28 02:06:54 | 000,198,935 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001 [2011.04.28 02:06:11 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.04.28 02:05:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 02:05:26 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 02:05:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 02:04:34 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2011.04.28 01:37:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.27 20:09:16 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.04.27 18:42:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.04.27 18:42:54 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.04.27 18:41:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.27 18:41:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.27 18:41:49 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.27 18:41:47 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.27 18:41:47 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.27 18:41:47 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.27 18:41:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.27 18:41:46 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.27 18:41:44 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.27 18:41:44 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.27 18:41:44 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.27 18:41:42 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.27 18:41:42 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.27 18:41:40 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.27 18:41:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.27 18:41:39 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.27 18:41:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.27 18:41:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.27 18:41:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.27 18:41:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.27 18:41:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.27 18:41:35 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.27 18:41:34 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.27 18:41:34 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.27 18:41:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.27 18:41:33 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.27 18:41:30 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.27 18:41:30 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.27 18:41:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.27 18:41:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.27 18:41:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.27 18:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.27 18:41:27 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.27 18:41:27 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.27 18:41:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.27 18:41:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.27 18:41:25 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.27 18:41:25 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.27 18:41:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.27 18:41:24 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.27 18:12:25 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.04.27 18:12:24 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job [2011.04.27 15:14:57 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2011.04.27 12:18:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job [2011.04.26 18:49:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2011.04.26 15:05:14 | 000,312,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.25 22:59:21 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.24 19:15:33 | 294,390,337 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.19 21:18:51 | 000,002,076 | ---- | M] () -- C:\Users\Michi Mayer\Desktop\Google Chrome.lnk [2011.04.03 17:54:47 | 000,189,952 | ---- | M] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 18:41:39 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.04.27 15:19:09 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.04.27 15:19:09 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.04.25 22:59:21 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 17:50:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.07 17:50:11 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.05 21:34:59 | 000,000,680 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\d3d9caps.dat [2010.08.10 14:19:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2009.11.07 00:23:56 | 000,002,299 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\acervcmtmp.ini [2009.09.17 20:22:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 20:22:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2009.08.04 00:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.04 00:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.03.12 16:23:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.03.12 16:23:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2008.10.20 21:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.30 14:55:00 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2008.04.22 19:16:29 | 000,000,031 | ---- | C] () -- C:\Windows\Audiocut.ini [2008.04.22 18:15:58 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySCut.dat [2008.04.20 23:45:22 | 000,088,766 | ---- | C] () -- C:\Windows\System32\mdpeaee.dll [2008.04.11 18:45:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys [2008.04.09 22:58:01 | 000,000,099 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\fusioncache.dat [2008.04.06 23:40:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.04.06 15:31:23 | 000,189,952 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.06 13:35:21 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.001 [2008.04.06 13:34:11 | 000,198,935 | ---- | C] () -- C:\Users\Michi Mayer\AppData\Roaming\nvModes.dat [2008.01.23 04:27:40 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe [2008.01.23 04:27:35 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini [2008.01.23 04:27:22 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.22 19:48:46 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2008.01.22 19:45:42 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.01.22 19:31:39 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.01.22 19:31:39 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2007.12.21 20:50:03 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.12.21 17:42:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.12.21 11:43:39 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.12.21 11:42:55 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.12.21 11:35:31 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.04.25 17:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 17:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 17:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 17:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 17:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 17:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 16:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 06:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 17:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,312,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2003.03.25 06:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll [2003.03.25 06:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini [2003.03.25 06:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini [2003.03.25 06:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.17 13:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2008.04.06 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Acer [2008.04.23 19:09:05 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Crazy Browser [2011.04.28 02:08:20 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Dropbox [2010.11.04 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\elsterformular [2011.04.01 02:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQ [2008.04.06 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\ICQLite [2010.09.07 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\PC Suite [2010.09.07 23:44:44 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\Samsung [2008.04.11 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Michi Mayer\AppData\Roaming\TerraTec [2011.04.28 01:59:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.27 15:32:21 | 000,000,430 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B0923A9E-50D5-4057-A137-0ACEE04E2344}.job ========== Purity Check ========== < End of report > ------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2011 02:32:21 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Michi Mayer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,69 Gb Total Space | 31,87 Gb Free Space | 28,53% Space Free | Partition Type: NTFS
Drive D: | 108,19 Gb Total Space | 10,11 Gb Free Space | 9,34% Space Free | Partition Type: NTFS
Drive E: | 827,18 Gb Total Space | 726,24 Gb Free Space | 87,80% Space Free | Partition Type: NTFS
Computer Name: MICHI | User Name: Michi Mayer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{192BBAE5-0F5D-4D0F-AB48-1950134ABBDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28C0E538-BA0D-42C1-88BD-BD0D653CE4DC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2FFDB921-3176-4C3D-807B-0098AB292186}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4E9D40AC-FDF5-4C4D-A775-C3DBDB6863FA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97BC1400-B926-4F5A-A112-224486B539D9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5554ED1-9A2D-4B50-8177-8BF1274A3BC7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CAE3E844-C5C5-473D-9494-5DE690AAF28B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CDFA1042-310D-4293-8F23-9AFF92959C10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEF88F9E-A80F-43B1-9A33-BE6A9207C1A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EDCC1D31-370E-44C7-B3FB-F56F92568B11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6909E3-3380-4708-89D1-E44C4F1C5BC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1229780C-C88C-4C26-86BF-2C985E0D94A4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{152A18D4-0092-4861-8334-7D3204595BED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{184B3631-8A0F-4962-B9D4-BAC2E700869D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1A215C81-6964-4D42-BD7A-9B813304ED28}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{1AB4ED0F-060A-4596-AB3B-66BBDCF69F93}" = protocol=6 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{2FA9F86E-BF69-42C0-906E-430F7A100BA9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{345B9ED8-4843-4A7E-AD53-7BB95DD339DB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{347F4B7A-70C6-4715-B4A4-F449172322C1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{42F059C4-2EAD-418C-9ED6-AFF91A149BA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{433EB33C-8F1F-48A4-9F39-16CC3EC18065}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{58325EAC-B6A2-47F9-BB97-41C257CF3A5C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5B8CA626-45C3-4C94-9739-9CA74A55EC14}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{68ADBD6B-B3EA-40E9-B725-66359B18CD84}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6CC9A0AE-29FA-483F-B6F2-539FB86F012D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{70130E7C-0309-494C-8017-729C00483829}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7C8AB690-315F-472C-AB09-5B66B9B258B1}" = protocol=17 | dir=in | app=c:\users\michi mayer\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F3622DA-DF08-4B50-B982-8A8C59CDCBAE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8CDBF3C8-43A8-45CC-B476-F5F3B7F58E4A}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{8E337B85-6C9D-4D4E-94C4-23DD34BABA83}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{90D72BE9-52FA-48AE-ACCE-3B794FE739C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{916F52A4-F270-4F1D-A6BE-4474B2B424BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{959294DA-5026-497C-8BAF-28F97369C29C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A2D07019-48B9-4BE8-B8EF-ADB6B0EF53A2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A84EAEB1-2E53-402B-B043-02EEB2E1A38F}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{AB8CADB8-59A5-48A1-9A1A-55CE6C520EFE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{AE8CA0E4-9210-41C2-BAD3-09578DAD969A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E1C686B6-2548-48DE-8113-3300D90AB38E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED85FDC4-22AE-401D-9E41-B705E865CFDF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EDDB8E53-E0DB-40A9-8CAC-373E090535B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F33B0A6F-6307-40B2-AA21-097ED10D7FFC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F538D34E-D4AE-416B-8DD0-754F699F2360}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"TCP Query User{1BFFF91D-EF69-4314-8782-44876F7EB5FD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4CC196E1-3437-428B-99B7-E22BA534EA53}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{5465294A-FF4C-4A6D-8B5E-67BE788E4FBB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{73F64C53-829C-4F50-8D5F-A7EB6506B334}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{9644BF1B-0D13-4ABB-A734-489E56161D8E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9C31D7CF-A6D3-4048-8F18-C6A5BA3ABF18}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"TCP Query User{9C493383-A012-4736-89A6-FFDC105C450F}C:\program files\crazy browser\crazy browser.exe" = protocol=6 | dir=in | app=c:\program files\crazy browser\crazy browser.exe |
"TCP Query User{D2F0606A-A0CE-4AB7-8371-6946AC25338B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E70658CF-5F34-4BBC-8BF7-B2444DFFF139}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{05F653B8-AC9F-4E9C-987D-519DC5AF9C10}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{38251208-0D9F-468B-BE10-97557280C514}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{3B40CDF7-E093-43CA-A740-461E6906D056}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe |
"UDP Query User{5F845B05-9A72-4DA8-A4BD-72C4188FC511}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{65C21B08-CF44-44DE-B17B-84E1248EA40E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{689F2445-A4F2-4B88-A0D7-4F94556D7CDD}C:\program files\crazy browser\crazy browser.exe" = protocol=17 | dir=in | app=c:\program files\crazy browser\crazy browser.exe |
"UDP Query User{DE9DE0EF-0E42-468B-A6F5-B004A4F240CD}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{E1C27E66-0EBF-413C-BA3C-A647E330EEA9}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{EDB49B04-2D9A-4F3E-BD8D-B5E3F8905CFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{35B7368A-F721-46E6-B258-EA3CC11A6924}" = EXAM
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EEE3134-24BF-4EB1-A62C-4E02C477B508}" = Firefighting Training S-130 Course
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}" = Orion
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B23FFF43-8D7C-424D-93A4-810A404E8564}_is1" = Aviation Test Prep 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Checker2006_is1" = Checker2006
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Free Video Dub_is1" = Free Video Dub version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP3 Cutter Joiner_is1" = MP3 Cutter Joiner 1.17
"NVIDIA Drivers" = NVIDIA Drivers
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.1a
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SeeYou_is1" = SeeYou Version 3.1
"SkyTest® Trainingssoftware für den FQ-Simulator_is1" = SkyTest® Trainingssoftware für den FQ-Simulator
"Star Alliance TravelDesk_is1" = Star Alliance TravelDesk
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webKONRAD" = webKONRAD
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2011 19:06:39 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (2732) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{67534f40-20bd-40d2-89c6-2770d0d669aa}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 488
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Versuch, Datei "C:\Users\Michi
Mayer\AppData\Local\Microsoft\Windows Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.pat"
zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 217
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Fehler (-1032) während der
Sicherung einer Datenbank (Datei C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\DBStore\contacts.edb). Die
Datenbank kann nicht wiederhergestellt werden.
Error - 25.04.2011 19:28:56 | Computer Name = Michi | Source = ESENT | ID = 215
Description = wlcomm (5444) C:\Users\Michi Mayer\AppData\Local\Microsoft\Windows
Live Contacts\{eaa655d4-c163-4926-ada7-5deb44227855}\: Die Sicherung wurde abgebrochen,
weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 26.04.2011 06:29:42 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.1.0.112, Zeitstempel 0x4d4037c2,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xe0fafafa, Fehleroffset 0x00000000, Prozess-ID 0x14bc, Anwendungsstartzeit 01cc03f93c29fae1.
Error - 26.04.2011 12:49:57 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung OTL.exe, Version 3.2.22.3, Zeitstempel 0x2a425e19,
fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode
0xc0000005, Fehleroffset 0x0004a132, Prozess-ID 0x12b4, Anwendungsstartzeit 01cc0431d236cc36.
Error - 27.04.2011 08:59:47 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
Error - 27.04.2011 09:02:26 | Computer Name = Michi | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
Error - 27.04.2011 13:01:20 | Computer Name = Michi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b14e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x022f1860, Prozess-ID 0x1870, Anwendungsstartzeit
01cc04fc9a75d0fc.
Error - 27.04.2011 18:01:10 | Computer Name = Michi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7031
Description =
Error - 26.04.2011 12:49:09 | Computer Name = Michi | Source = Service Control Manager | ID = 7034
Description =
Error - 26.04.2011 12:52:28 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 26.04.2011 12:56:10 | Computer Name = Michi | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 27.04.2011 05:13:55 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 09:12:02 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 09:12:46 | Computer Name = Michi | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 27.04.2011 13:23:17 | Computer Name = Michi | Source = Service Control Manager | ID = 7023
Description =
Error - 27.04.2011 13:26:35 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
Error - 27.04.2011 20:05:48 | Computer Name = Michi | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
28.04.2011, 02:02
| #8 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Inzwischen funktioniert auch plötzlich der TDSSKiller (Liegt das daran dass ich Kaspersky PURE installiert habe oder hat der Virus das vorher verhindert?) Hat aber nix gefunden, hier der Report davon: ---------- 2011/04/28 02:58:18.0800 4692 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/28 02:58:19.0190 4692 ================================================================================ 2011/04/28 02:58:19.0190 4692 SystemInfo: 2011/04/28 02:58:19.0190 4692 2011/04/28 02:58:19.0190 4692 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/28 02:58:19.0190 4692 Product type: Workstation 2011/04/28 02:58:19.0190 4692 ComputerName: MICHI 2011/04/28 02:58:19.0190 4692 UserName: Michi Mayer 2011/04/28 02:58:19.0190 4692 Windows directory: C:\Windows 2011/04/28 02:58:19.0190 4692 System windows directory: C:\Windows 2011/04/28 02:58:19.0190 4692 Processor architecture: Intel x86 2011/04/28 02:58:19.0190 4692 Number of processors: 2 2011/04/28 02:58:19.0190 4692 Page size: 0x1000 2011/04/28 02:58:19.0190 4692 Boot type: Normal boot 2011/04/28 02:58:19.0190 4692 ================================================================================ 2011/04/28 02:58:19.0534 4692 Initialize success 2011/04/28 02:58:22.0279 5760 ================================================================================ 2011/04/28 02:58:22.0279 5760 Scan started 2011/04/28 02:58:22.0279 5760 Mode: Manual; 2011/04/28 02:58:22.0279 5760 ================================================================================ 2011/04/28 02:58:22.0856 5760 A310 (97bd2e0ac8484705fcbe88aa006f0a94) C:\Windows\system32\DRIVERS\AVerA310USB.sys 2011/04/28 02:58:22.0934 5760 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/28 02:58:22.0981 5760 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/28 02:58:23.0059 5760 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/28 02:58:23.0106 5760 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/28 02:58:23.0122 5760 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/28 02:58:23.0215 5760 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/28 02:58:23.0309 5760 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/04/28 02:58:23.0371 5760 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/28 02:58:23.0449 5760 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/04/28 02:58:23.0480 5760 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/04/28 02:58:23.0527 5760 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/04/28 02:58:23.0574 5760 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/28 02:58:23.0605 5760 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/04/28 02:58:23.0652 5760 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/28 02:58:23.0699 5760 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/28 02:58:23.0792 5760 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/28 02:58:23.0839 5760 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/28 02:58:23.0933 5760 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/04/28 02:58:23.0964 5760 BDASwCap (9805c435f9f58e782bffbdd623daa007) C:\Windows\system32\drivers\AVerA310Cap.sys 2011/04/28 02:58:24.0026 5760 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/28 02:58:24.0136 5760 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/28 02:58:24.0167 5760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/28 02:58:24.0198 5760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/28 02:58:24.0229 5760 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/28 02:58:24.0245 5760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/28 02:58:24.0292 5760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/28 02:58:24.0307 5760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/28 02:58:24.0338 5760 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/28 02:58:24.0448 5760 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/28 02:58:24.0510 5760 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/28 02:58:24.0572 5760 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 2011/04/28 02:58:24.0650 5760 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/28 02:58:24.0744 5760 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/28 02:58:24.0791 5760 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/04/28 02:58:24.0853 5760 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/28 02:58:24.0884 5760 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/28 02:58:24.0916 5760 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/28 02:58:24.0994 5760 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys 2011/04/28 02:58:25.0087 5760 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys 2011/04/28 02:58:25.0150 5760 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/28 02:58:25.0228 5760 dgderdrv (3be1651c63954067940e7f473498ad70) C:\Windows\system32\drivers\dgderdrv.sys 2011/04/28 02:58:25.0368 5760 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/28 02:58:25.0415 5760 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 2011/04/28 02:58:25.0477 5760 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/28 02:58:25.0540 5760 DVBUSB_0064_Sevice (e02bf27b7660714357fd8db4c0b74d7c) C:\Windows\system32\DRIVERS\usb_0064.sys 2011/04/28 02:58:25.0602 5760 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/28 02:58:25.0649 5760 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/28 02:58:25.0742 5760 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/28 02:58:25.0852 5760 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/28 02:58:26.0132 5760 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/28 02:58:26.0210 5760 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/28 02:58:26.0273 5760 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/28 02:58:26.0335 5760 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/28 02:58:26.0366 5760 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/28 02:58:26.0398 5760 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/28 02:58:26.0460 5760 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/28 02:58:26.0554 5760 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/04/28 02:58:26.0632 5760 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS 2011/04/28 02:58:26.0694 5760 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/28 02:58:26.0741 5760 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/28 02:58:26.0834 5760 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/28 02:58:26.0912 5760 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/28 02:58:26.0959 5760 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/28 02:58:27.0022 5760 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 2011/04/28 02:58:27.0068 5760 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/28 02:58:27.0115 5760 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/04/28 02:58:27.0146 5760 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/04/28 02:58:27.0209 5760 HSF_DPV (347385d69c15e3d045aa1cb46e4cb86d) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/04/28 02:58:27.0271 5760 HSXHWAZL (919337d853703267da203e79a0ac1f2b) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/04/28 02:58:27.0334 5760 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/28 02:58:27.0365 5760 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/04/28 02:58:27.0427 5760 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/28 02:58:27.0490 5760 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys 2011/04/28 02:58:27.0536 5760 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/04/28 02:58:27.0630 5760 IDSvix86 (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys 2011/04/28 02:58:27.0802 5760 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/28 02:58:27.0895 5760 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys 2011/04/28 02:58:28.0036 5760 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/28 02:58:28.0114 5760 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/04/28 02:58:28.0160 5760 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/28 02:58:28.0254 5760 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/28 02:58:28.0316 5760 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/28 02:58:28.0363 5760 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/28 02:58:28.0379 5760 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/04/28 02:58:28.0441 5760 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/28 02:58:28.0472 5760 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/28 02:58:28.0504 5760 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/28 02:58:28.0550 5760 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/28 02:58:28.0613 5760 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/28 02:58:28.0831 5760 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys 2011/04/28 02:58:28.0878 5760 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys 2011/04/28 02:58:28.0940 5760 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys 2011/04/28 02:58:28.0972 5760 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys 2011/04/28 02:58:29.0003 5760 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys 2011/04/28 02:58:29.0081 5760 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/28 02:58:29.0174 5760 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/28 02:58:29.0252 5760 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/28 02:58:29.0268 5760 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/28 02:58:29.0299 5760 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/28 02:58:29.0362 5760 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/28 02:58:29.0424 5760 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/04/28 02:58:29.0455 5760 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/04/28 02:58:29.0518 5760 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/28 02:58:29.0580 5760 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/28 02:58:29.0627 5760 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/28 02:58:29.0674 5760 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/28 02:58:29.0752 5760 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/28 02:58:29.0814 5760 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/04/28 02:58:29.0876 5760 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/28 02:58:29.0908 5760 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/28 02:58:29.0970 5760 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/28 02:58:30.0017 5760 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/28 02:58:30.0064 5760 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/28 02:58:30.0079 5760 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/28 02:58:30.0110 5760 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/04/28 02:58:30.0142 5760 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/04/28 02:58:30.0204 5760 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/28 02:58:30.0266 5760 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/28 02:58:30.0329 5760 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/28 02:58:30.0360 5760 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/28 02:58:30.0407 5760 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/28 02:58:30.0469 5760 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/28 02:58:30.0516 5760 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/28 02:58:30.0547 5760 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/28 02:58:30.0578 5760 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/28 02:58:30.0656 5760 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/28 02:58:30.0750 5760 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/28 02:58:30.0812 5760 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/28 02:58:30.0875 5760 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/28 02:58:30.0937 5760 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/28 02:58:31.0000 5760 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/28 02:58:31.0031 5760 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/28 02:58:31.0109 5760 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/28 02:58:31.0265 5760 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/04/28 02:58:31.0405 5760 NETw4v32 (dd194a025d1c0472f45f57de8d8388eb) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/04/28 02:58:31.0452 5760 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/28 02:58:31.0514 5760 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/28 02:58:31.0577 5760 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/28 02:58:31.0670 5760 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/28 02:58:31.0717 5760 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2011/04/28 02:58:31.0748 5760 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/28 02:58:31.0826 5760 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys 2011/04/28 02:58:31.0858 5760 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/28 02:58:32.0092 5760 nvlddmkm (fd0ee4fa45ff58f6c9932b4265a83ba4) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/28 02:58:32.0185 5760 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/04/28 02:58:32.0216 5760 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/04/28 02:58:32.0232 5760 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/04/28 02:58:32.0357 5760 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/28 02:58:32.0466 5760 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/04/28 02:58:32.0528 5760 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/28 02:58:32.0560 5760 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/04/28 02:58:32.0622 5760 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2011/04/28 02:58:32.0684 5760 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/28 02:58:32.0731 5760 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 2011/04/28 02:58:32.0794 5760 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/28 02:58:32.0872 5760 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/28 02:58:32.0996 5760 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/28 02:58:33.0028 5760 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/04/28 02:58:33.0106 5760 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/28 02:58:33.0137 5760 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys 2011/04/28 02:58:33.0168 5760 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys 2011/04/28 02:58:33.0199 5760 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys 2011/04/28 02:58:33.0262 5760 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/04/28 02:58:33.0293 5760 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/28 02:58:33.0355 5760 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/28 02:58:33.0418 5760 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/28 02:58:33.0480 5760 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/28 02:58:33.0542 5760 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/28 02:58:33.0605 5760 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/28 02:58:33.0667 5760 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/28 02:58:33.0730 5760 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/28 02:58:33.0808 5760 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/04/28 02:58:33.0839 5760 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/28 02:58:33.0870 5760 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/28 02:58:33.0948 5760 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/04/28 02:58:33.0979 5760 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/04/28 02:58:34.0026 5760 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/04/28 02:58:34.0104 5760 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/28 02:58:34.0166 5760 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2011/04/28 02:58:34.0229 5760 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2011/04/28 02:58:34.0260 5760 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 2011/04/28 02:58:34.0307 5760 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2011/04/28 02:58:34.0338 5760 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 2011/04/28 02:58:34.0354 5760 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 2011/04/28 02:58:34.0385 5760 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 2011/04/28 02:58:34.0447 5760 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/28 02:58:34.0525 5760 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/04/28 02:58:34.0572 5760 sea1bus (d2654321192037bae90204e2fa6697ce) C:\Windows\system32\DRIVERS\sea1bus.sys 2011/04/28 02:58:34.0634 5760 sea1mdfl (8146d9ec5142bd364956d3807f09ca9a) C:\Windows\system32\DRIVERS\sea1mdfl.sys 2011/04/28 02:58:34.0681 5760 sea1mdm (afe065da777dc4408c64df5c87472bb9) C:\Windows\system32\DRIVERS\sea1mdm.sys 2011/04/28 02:58:34.0744 5760 sea1mgmt (a0bbd60222ad053d52f3a5c4f79904c7) C:\Windows\system32\DRIVERS\sea1mgmt.sys 2011/04/28 02:58:34.0790 5760 sea1nd5 (6549babfc3362f1621a8c0eff288fb14) C:\Windows\system32\DRIVERS\sea1nd5.sys 2011/04/28 02:58:34.0837 5760 sea1obex (957510ab44e84497733f53322351f6e8) C:\Windows\system32\DRIVERS\sea1obex.sys 2011/04/28 02:58:34.0853 5760 sea1unic (c1517e6a7ce1191ab076472bdf1b0e6e) C:\Windows\system32\DRIVERS\sea1unic.sys 2011/04/28 02:58:34.0915 5760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/28 02:58:34.0962 5760 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/04/28 02:58:34.0978 5760 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/04/28 02:58:35.0009 5760 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/28 02:58:35.0087 5760 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/28 02:58:35.0102 5760 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/28 02:58:35.0165 5760 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/28 02:58:35.0180 5760 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/04/28 02:58:35.0243 5760 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/04/28 02:58:35.0274 5760 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/04/28 02:58:35.0321 5760 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/04/28 02:58:35.0383 5760 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/28 02:58:35.0492 5760 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys 2011/04/28 02:58:35.0570 5760 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/28 02:58:35.0633 5760 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/04/28 02:58:35.0711 5760 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/28 02:58:35.0742 5760 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/28 02:58:35.0804 5760 sscebus (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys 2011/04/28 02:58:35.0867 5760 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys 2011/04/28 02:58:35.0929 5760 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys 2011/04/28 02:58:36.0038 5760 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/28 02:58:36.0101 5760 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/28 02:58:36.0148 5760 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS 2011/04/28 02:58:36.0179 5760 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/28 02:58:36.0210 5760 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/28 02:58:36.0257 5760 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/28 02:58:36.0366 5760 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/28 02:58:36.0413 5760 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/28 02:58:36.0475 5760 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/28 02:58:36.0522 5760 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/28 02:58:36.0553 5760 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/28 02:58:36.0616 5760 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/28 02:58:36.0662 5760 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/28 02:58:36.0740 5760 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/28 02:58:36.0803 5760 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/28 02:58:36.0850 5760 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/28 02:58:36.0896 5760 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/04/28 02:58:36.0959 5760 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/28 02:58:37.0006 5760 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/28 02:58:37.0052 5760 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/04/28 02:58:37.0084 5760 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/28 02:58:37.0115 5760 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/28 02:58:37.0162 5760 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/28 02:58:37.0240 5760 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/04/28 02:58:37.0286 5760 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/28 02:58:37.0318 5760 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/28 02:58:37.0364 5760 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/28 02:58:37.0427 5760 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/28 02:58:37.0458 5760 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/04/28 02:58:37.0505 5760 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/28 02:58:37.0552 5760 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/28 02:58:37.0583 5760 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/28 02:58:37.0630 5760 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/28 02:58:37.0708 5760 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/28 02:58:37.0754 5760 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/28 02:58:37.0801 5760 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/28 02:58:37.0832 5760 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/04/28 02:58:37.0879 5760 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/04/28 02:58:37.0895 5760 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/04/28 02:58:37.0957 5760 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/28 02:58:38.0035 5760 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/28 02:58:38.0082 5760 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/28 02:58:38.0129 5760 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/04/28 02:58:38.0160 5760 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/28 02:58:38.0222 5760 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/28 02:58:38.0238 5760 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/28 02:58:38.0285 5760 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/04/28 02:58:38.0347 5760 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/28 02:58:38.0456 5760 winachsf (3344b5c3209e538291398ff12f895155) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/04/28 02:58:38.0488 5760 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys 2011/04/28 02:58:38.0581 5760 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 2011/04/28 02:58:38.0644 5760 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/28 02:58:38.0737 5760 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/28 02:58:38.0815 5760 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/28 02:58:38.0893 5760 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/28 02:58:38.0956 5760 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys 2011/04/28 02:58:39.0034 5760 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 2011/04/28 02:58:39.0112 5760 ================================================================================ 2011/04/28 02:58:39.0112 5760 Scan finished 2011/04/28 02:58:39.0112 5760 ================================================================================ |
|
28.04.2011, 14:58
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
29.04.2011, 14:34
| #10 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Servus Arne, Danke nochmal für Deine Hilfe! Habe jetzt CoboFix laufen lassen und das Log dazu. Ist noch irgendwas weiteres zu tun? Schöne Grüße, Michi ----------------------Combofix Logfile: Code:
ATTFilter ComboFix 11-04-28.03 - Michi Mayer 29.04.2011 14:56:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2008 [GMT 2:00]
ausgeführt von:: c:\users\Michi Mayer\Downloads\Cufi.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeB6B8.dll
c:\windows\hide.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-28 bis 2011-04-29 ))))))))))))))))))))))))))))))
.
.
2011-04-29 13:06 . 2011-04-29 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-29 08:35 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99FB70AE-3DC1-4D4A-A004-A0239D215B7F}\mpengine.dll
2011-04-28 10:03 . 2009-04-11 06:32 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-04-27 22:01 . 2011-04-27 22:01 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 13:19 . 2010-10-01 20:05 162392 ----a-w- c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-04-27 13:19 . 2011-04-27 16:12 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-27 13:19 . 2011-04-27 16:12 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-27 13:18 . 2009-12-14 10:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-04-27 13:18 . 2009-12-14 10:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-04-27 13:15 . 2011-04-27 13:15 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-04-27 13:15 . 2011-04-27 13:15 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-27 13:15 . 2011-04-29 08:28 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-27 13:09 . 2011-04-27 13:09 -------- d-----w- C:\kleaner.tmp
2011-04-27 12:53 . 2011-04-27 12:53 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-04-26 16:49 . 2011-04-27 22:01 -------- d-----w- C:\_OTL
2011-04-25 20:59 . 2011-04-25 20:59 -------- d-----w- c:\users\Michi Mayer\AppData\Roaming\Malwarebytes
2011-04-25 20:59 . 2011-04-25 20:59 -------- d-----w- c:\programdata\Malwarebytes
2011-04-25 20:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 20:59 . 2011-04-25 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-22 13:00 . 2000-01-04 04:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-04-18 18:36 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-18 18:36 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-18 18:36 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 14:13 . 2011-03-27 17:18 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-27 17:18 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-27 17:18 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-02 19:40 . 2010-05-06 00:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 09:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-10-27 3365176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-12-14 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-14 174616]
"TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe" [2006-12-07 1032192]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Skytel"="Skytel.exe" [2007-12-14 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
.
c:\users\Michi Mayer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michi Mayer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-17 23343848]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-27 97680]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-1-22 1216512]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-21 535336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-07-10 26368]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-07-10 42240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 135664]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-11-21 202872]
R3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [2010-05-04 9241088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-01-04 61536]
R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360]
R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088]
R3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sea1mgmt.sys [2007-01-04 88624]
R3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\DRIVERS\sea1nd5.sys [2007-01-04 18704]
R3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\sea1obex.sys [2007-01-04 86432]
R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-01-04 90800]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 41456]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
S3 DVBUSB_0064_Sevice;Cinergy S USB service;c:\windows\system32\DRIVERS\usb_0064.sys [2006-12-29 98304]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-01 36640]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:10]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 02:10]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000Core.job
- c:\users\Michi Mayer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 10:50]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1813840738-645344233-2856780986-1000UA.job
- c:\users\Michi Mayer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-18 10:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.***.**/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Michi Mayer\AppData\Roaming\Mozilla\Firefox\Profiles\bo7380gq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.***.**/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-29 15:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-29 15:11:34
ComboFix-quarantined-files.txt 2011-04-29 13:11
.
Vor Suchlauf: 24 Verzeichnis(se), 36.563.988.480 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 37.825.474.560 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DAA5536AB81949236D66B0E178F1A056
|
|
29.04.2011, 20:24
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
29.04.2011, 21:11
| #12 |
| | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Oooookay... GMER ist beim ersten Versuch während des Ausführens irgendwann abgestürzt, beim zweiten Versuch ist gleich am Anfang der ganze PC abgestürzt und musste neu booten. OSAM will sich irgendwie schon gar nicht richtig entpacken, geschweige denn ausführen lassen. MBRCheck hat irgendeine Meldung mit "Unknown MBR Code" usw. ausgegeben wonach ich schon dachte das funktioniert auch nicht, es war dann aber dennoch das .txt Dokument da: ------------ MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Acer, Inc. BIOS Manufacturer: Acer System Manufacturer: Acer, inc. System Product Name: Aspire 5920G Logical Drives Mask: 0x0000002c Kernel Drivers (total 175): 0x82840000 \SystemRoot\system32\ntkrnlpa.exe 0x8280D000 \SystemRoot\system32\hal.dll 0x80608000 \SystemRoot\system32\kdcom.dll 0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8067F000 \SystemRoot\system32\PSHED.dll 0x80690000 \SystemRoot\system32\BOOTVID.dll 0x80698000 \SystemRoot\system32\CLFS.SYS 0x806D9000 \SystemRoot\system32\CI.dll 0x82E00000 \SystemRoot\system32\drivers\Wdf01000.sys 0x82E7C000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x82E89000 \SystemRoot\system32\drivers\acpi.sys 0x82ECF000 \SystemRoot\system32\drivers\WMILIB.SYS 0x82ED8000 \SystemRoot\system32\drivers\msisadrv.sys 0x82EE0000 \SystemRoot\system32\drivers\pci.sys 0x82F07000 \SystemRoot\system32\DRIVERS\CSCrySec.sys 0x82F1B000 \SystemRoot\System32\drivers\partmgr.sys 0x82F2A000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x82F2D000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x82F37000 \SystemRoot\system32\drivers\volmgr.sys 0x82F46000 \SystemRoot\System32\drivers\volmgrx.sys 0x82F90000 \SystemRoot\system32\drivers\intelide.sys 0x82F97000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x82FA5000 \SystemRoot\System32\drivers\mountmgr.sys 0x8AA0A000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8AAC8000 \SystemRoot\system32\drivers\atapi.sys 0x8AAD0000 \SystemRoot\system32\drivers\ataport.SYS 0x8AAEE000 \SystemRoot\system32\drivers\fltmgr.sys 0x8AB20000 \SystemRoot\system32\drivers\fileinfo.sys 0x8AB30000 \SystemRoot\system32\DRIVERS\psdfilter.sys 0x8AB39000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AC0D000 \SystemRoot\system32\drivers\ndis.sys 0x8AD18000 \SystemRoot\system32\drivers\msrpc.sys 0x8AD43000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AE07000 \SystemRoot\System32\drivers\tcpip.sys 0x8AEF1000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8B006000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8B116000 \SystemRoot\system32\drivers\volsnap.sys 0x8B14F000 \SystemRoot\System32\Drivers\spldr.sys 0x8B157000 \SystemRoot\system32\drivers\psdvdisk.sys 0x8B169000 \SystemRoot\system32\drivers\PSDNServ.sys 0x8B172000 \SystemRoot\System32\Drivers\mup.sys 0x8B181000 \SystemRoot\system32\DRIVERS\klbg.sys 0x8B18E000 \SystemRoot\System32\drivers\ecache.sys 0x8B1B5000 \SystemRoot\system32\drivers\disk.sys 0x8B1C6000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8B1E7000 \SystemRoot\system32\drivers\crcdisk.sys 0x8AFCA000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8AFD5000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8AFDE000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8F20D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8F954000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8F9F4000 \SystemRoot\System32\drivers\watchdog.sys 0x8F200000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8AD7E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8AFED000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8FC06000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8FE01000 \SystemRoot\system32\DRIVERS\NETw4v32.sys 0x9002A000 \SystemRoot\system32\DRIVERS\b57nd60x.sys 0x90059000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x90069000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x90077000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x90091000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x900A2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x900B6000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x90108000 \SystemRoot\system32\DRIVERS\winbondcir.sys 0x9011D000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x90130000 \SystemRoot\system32\DRIVERS\DKbFltr.sys 0x9013A000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x90145000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x90173000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90175000 \SystemRoot\system32\DRIVERS\klmouflt.sys 0x9017E000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x90189000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x901A1000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys 0x901A3000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x901A7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x901B0000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8FC93000 \SystemRoot\system32\DRIVERS\storport.sys 0x901DF000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8FCD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x901EA000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8FCEB000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8FD0E000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8FD1D000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8FD31000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8FD46000 \SystemRoot\system32\DRIVERS\termdd.sys 0x901F5000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8FD56000 \SystemRoot\system32\DRIVERS\ks.sys 0x8FD80000 \SystemRoot\system32\DRIVERS\circlass.sys 0x8FD8E000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8FD98000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8FDA5000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8FDDA000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9040D000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8ADBC000 \SystemRoot\system32\drivers\portcls.sys 0x8ABAA000 \SystemRoot\system32\drivers\drmk.sys 0x82FB5000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0x9060D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0x90710000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0x907C5000 \SystemRoot\system32\drivers\modem.sys 0x907D2000 \SystemRoot\system32\DRIVERS\hidir.sys 0x907DD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x907ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x907F4000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x90600000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x90A0B000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x90BB2000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x90BBF000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x9180B000 \SystemRoot\system32\DRIVERS\klif.sys 0x9185C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x91865000 \SystemRoot\System32\Drivers\Null.SYS 0x9186C000 \SystemRoot\System32\Drivers\Beep.SYS 0x91873000 \SystemRoot\System32\drivers\vga.sys 0x9187F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x918A0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x918A8000 \SystemRoot\system32\drivers\rdpencdd.sys 0x918B0000 \SystemRoot\System32\Drivers\Msfs.SYS 0x918BB000 \SystemRoot\System32\Drivers\Npfs.SYS 0x918C9000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x918D2000 \SystemRoot\system32\DRIVERS\tdx.sys 0x91A08000 \SystemRoot\system32\DRIVERS\kl1.sys 0x91F28000 \SystemRoot\system32\DRIVERS\usb_0064.sys 0x91F43000 \SystemRoot\system32\DRIVERS\BdaSup.SYS 0x91F46000 \SystemRoot\system32\DRIVERS\smb.sys 0x91F5A000 \SystemRoot\system32\drivers\afd.sys 0x91FA2000 \SystemRoot\System32\DRIVERS\netbt.sys 0x91FD4000 \SystemRoot\system32\DRIVERS\pacer.sys 0x91FEA000 \SystemRoot\system32\DRIVERS\klim6.sys 0x91FF1000 \SystemRoot\system32\DRIVERS\netbios.sys 0x918E8000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x918FB000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x91937000 \SystemRoot\system32\drivers\nsiproxy.sys 0x91941000 \SystemRoot\System32\Drivers\dfsc.sys 0x91A00000 \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys 0x91958000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x9196F000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x91978000 \SystemRoot\system32\DRIVERS\NuidFltr.sys 0x9197F000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8AF0C000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x9B8C0000 \SystemRoot\System32\win32k.sys 0x9198C000 \SystemRoot\System32\drivers\Dxapi.sys 0x91996000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9BAE0000 \SystemRoot\System32\TSDDD.dll 0x9BB00000 \SystemRoot\System32\cdd.dll 0x919A5000 \SystemRoot\system32\drivers\luafv.sys 0xA2805000 \SystemRoot\system32\drivers\spsys.sys 0xA28B5000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA28C5000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA28EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA28F9000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA290C000 \SystemRoot\system32\drivers\HTTP.sys 0xA2979000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA2996000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA29AF000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA29C4000 \SystemRoot\system32\drivers\mrxdav.sys 0x919C8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x90BC6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA29E5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x8ABCF000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA4206000 \SystemRoot\System32\DRIVERS\srv.sys 0xA426D000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA4283000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys 0xA428A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xA428E000 \SystemRoot\system32\drivers\peauth.sys 0xA436C000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA4376000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA4382000 \SystemRoot\system32\DRIVERS\xaudio.sys 0xA438A000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 0xA43A7000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xA43CD000 \SystemRoot\System32\drivers\dgderdrv.sys 0xA43D0000 \SystemRoot\system32\drivers\tdtcp.sys 0xA43DB000 \SystemRoot\System32\DRIVERS\tssecsrv.sys 0x807B9000 \SystemRoot\System32\Drivers\RDPWD.SYS 0xA43E7000 \??\C:\Windows\system32\FsUsbExDisk.SYS 0x76F20000 \Windows\System32\ntdll.dll Processes (total 91): 0 System Idle Process 4 SYSTEM 544 C:\Windows\System32\smss.exe 676 csrss.exe 728 C:\Windows\System32\wininit.exe 736 csrss.exe 772 C:\Windows\System32\services.exe 816 C:\Windows\System32\lsass.exe 824 C:\Windows\System32\lsm.exe 864 C:\Windows\System32\winlogon.exe 992 C:\Windows\System32\svchost.exe 1052 C:\Windows\System32\svchost.exe 1088 C:\Windows\System32\svchost.exe 1140 C:\Windows\System32\svchost.exe 1168 C:\Windows\System32\svchost.exe 1192 C:\Windows\System32\svchost.exe 1264 C:\Windows\System32\audiodg.exe 1284 C:\Windows\System32\svchost.exe 1300 C:\Windows\System32\SLsvc.exe 1344 C:\Windows\System32\svchost.exe 1632 C:\Windows\System32\svchost.exe 1876 C:\Windows\System32\spoolsv.exe 1900 C:\Windows\System32\svchost.exe 488 C:\Acer\ALaunch\ALaunchSvc.exe 808 C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe 536 C:\Windows\System32\dgdersvc.exe 1000 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 976 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 1712 C:\Acer\Empowering Technology\eNet\eNet Service.exe 344 C:\Windows\System32\FsUsbExService.Exe 796 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2076 C:\Program Files\ICQ6Toolbar\ICQ Service.exe 2140 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2160 C:\Acer\Mobility Center\MobilityService.exe 2200 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe 2252 C:\Windows\System32\svchost.exe 2276 C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2292 C:\Program Files\Acer\Acer VCM\RS_Service.exe 2332 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2404 C:\Windows\System32\svchost.exe 2476 C:\Windows\System32\svchost.exe 2504 C:\Windows\System32\SearchIndexer.exe 2544 C:\Windows\System32\drivers\XAudio.exe 2572 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2608 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 2688 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 2912 WmiPrvSE.exe 2984 WmiPrvSE.exe 3092 unsecapp.exe 3492 C:\Windows\System32\alg.exe 3328 C:\Windows\System32\taskeng.exe 3828 C:\Windows\System32\svchost.exe 3140 C:\Windows\System32\taskeng.exe 1816 C:\Windows\System32\dwm.exe 3584 C:\Windows\explorer.exe 3472 C:\Windows\System32\svchost.exe 3176 C:\Program Files\Synaptics\SynTP\SynTPStart.exe 2840 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe 1584 C:\Acer\Empowering Technology\eAudio\eAudio.exe 1232 C:\Windows\RtHDVCpl.exe 4276 C:\Program Files\Launch Manager\QtZgAcer.EXE 4284 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 4296 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe 4340 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 4348 C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe 4356 C:\Windows\WindowsMobile\wmdSync.exe 4416 C:\Windows\System32\rundll32.exe 4444 C:\Program Files\FreePDF_XP\fpassist.exe 4456 C:\Program Files\Common Files\Java\Java Update\jusched.exe 4524 C:\Program Files\Windows Sidebar\sidebar.exe 4560 C:\Windows\ehome\ehtray.exe 4632 C:\Program Files\Acer\Acer VCM\AcerVCM.exe 4656 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe 4760 C:\Program Files\Windows Sidebar\sidebar.exe 4856 C:\Program Files\OpenOffice.org 2.4\program\soffice.exe 4876 C:\Windows\System32\rundll32.exe 4960 C:\Users\MICHIM~1\AppData\Local\Temp\RtkBtMnt.exe 4992 C:\Windows\ehome\ehmsas.exe 5120 C:\Acer\Empowering Technology\eNet\eNMTray.exe 5296 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe 5336 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe 5392 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe 5556 C:\Program Files\OpenOffice.org 2.4\program\soffice.bin 4008 C:\Program Files\Acer\Acer VCM\acp2HID.exe 4196 taskeng.exe 5168 C:\Windows\System32\conime.exe 4868 C:\Windows\System32\SearchProtocolHost.exe 5800 C:\Windows\System32\SearchFilterHost.exe 3732 dllhost.exe 4432 dllhost.exe 2488 C:\Users\Michi Mayer\Downloads\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`70a00000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`5ce00000 (NTFS) PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Done! |
|
30.04.2011, 01:28
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte Für OSAM brauchst du WinRAR oder 7zip!
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
| Themen zu Windows Recovery Trojaner - erste Bekämpfung und Frage zu externer Festplatte |
| aktiv, alles weg, anti-malware, browser.exe, dateien, desktop, eigene bilder, excel.exe, explorer, externe festplatte, festplatte, firefox, forum, frage, iceyochtffau.exe, install.exe, launch, location, logfile, malware.gen, malwarebytes, microsoft, microsoft office word, mozilla, nvlddmkm.sys, office 2007, oldtimer, otl-log, plug-in, pop-up-blocker, remote control, saver, searchplugins, security scan, security update, shortcut, skype.exe, software, start, start menu, studio, surfen, temp, tmp, trojan.fakealert, trojan.fakeav, trojaner, vista, visual studio, vorschläge, windows, windows recovery, windows recovery malwarebytes, windows vista |
