Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox - Umleitung von Google auf Ask "Super Schnäppchen" und co... (https://www.trojaner-board.de/99413-firefox-umleitung-google-ask-super-schnaeppchen-co.html)

033261 22.05.2011 10:07
Firefox - Umleitung von Google auf Ask "Super Schnäppchen" und co...
 
Hallo!

Dieses Problem ist scheinbar nicht neu, dennoch komme ich trotz diverser Foren nicht weiter...

Sporadisch leitet mich Google auf diverse Werbeseiten um. Insbesondere ASK und "Super Schnäppchen" sind googles bevorzugte Wahl. Das ist mehr als nervig. Firefox Deinstallaton und Neuinstallation brachte nix. HighjackThis fand keine Auffälligkeiten bzw. die Bereinigung brachte nix. TDSSKiller: Keine Auffälligkeiten...

OTL Report:

Code:
OTL Logfile:

       
Code:

       
OTL logfile created on: 22.05.2011 10:45:40 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\xxxxxxs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,34 Gb Total Space | 7,55 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
Drive D: | 81,25 Gb Total Space | 64,10 Gb Free Space | 78,89% Space Free | Partition Type: NTFS
Drive E: | 99,19 Gb Total Space | 65,08 Gb Free Space | 65,61% Space Free | Partition Type: NTFS
Drive X: | 915,91 Gb Total Space | 794,16 Gb Free Space | 86,71% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxxSNB | User Name: xxxxxxs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxxs\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\xxxxxxs\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Norton Ghost) -- D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- d:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SCL01164) -- C:\Windows\SysNative\drivers\SCL01164.sys (SCM Microsystems Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AF05BDA) -- C:\Windows\SysNative\drivers\AF05BDA.sys (AfaTech                  )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (v2imount) -- C:\Windows\SysNative\drivers\v2imount.sys (Symantec Corporation)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech                  )
DRV - (vaszok) -- C:\Windows\system32\drivers\bepyqh.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: D:\AusweisApp\mozilla\AusweisApp_FF3x_Win [2011.01.03 20:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.03 21:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.18 18:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
 
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxs\AppData\Roaming\mozilla\Extensions
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxs\AppData\Roaming\mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxs\AppData\Roaming\mozilla\Fennec\Profiles\8vrehq32.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxs\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxxs\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.03 21:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.15 14:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 18:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 22:51:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.27 22:33:26 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.03 21:23:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.03 21:23:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.03 21:23:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.03 21:23:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.03 21:23:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.03 21:23:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.03 21:23:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [acxNetdrm] C:\Users\xxxxxxs\AppData\Local\advMainserv\acxNetdrm.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.22 10:44:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxxs\Desktop\OTL.exe
[2011.05.19 22:10:52 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.17 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxs\AppData\Local\RapidSolution
[2011.05.16 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.05.16 20:48:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.15 19:23:38 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.13 07:47:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.13 07:47:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.12 21:43:41 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.12 21:43:40 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.12 21:43:40 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.12 21:43:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.12 21:43:38 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.04 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxs\AppData\Roaming\Download Manager
[2011.05.02 21:11:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxs\AppData\Roaming\Malwarebytes
[2011.05.02 21:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.02 21:11:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.01 22:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 08:13:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.30 08:13:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.30 08:13:36 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.30 08:13:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.30 08:13:36 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.30 08:13:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.30 08:13:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.30 08:13:30 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.30 08:13:29 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.30 08:13:28 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.30 08:13:28 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.28 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxs\AppData\Roaming\dvdcss
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.22 10:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxs\Desktop\OTL.exe
[2011.05.22 10:02:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.22 09:20:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 09:20:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 09:12:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.22 09:12:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.22 09:12:24 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.21 23:56:08 | 000,002,014 | -H-- | M] () -- E:\Dokumente\Default.rdp
[2011.05.21 22:52:07 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.16 22:12:18 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.16 21:40:52 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.05.16 21:40:51 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.16 20:47:03 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 20:47:03 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 20:47:03 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 20:47:03 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 20:47:03 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.15 19:27:11 | 000,151,080 | ---- | M] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2011.05.15 18:58:39 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\bepyqh.sys
[2011.05.14 16:09:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.28 21:15:23 | 000,000,142 | ---- | M] () -- C:\Users\xxxxxxs\AppData\Roaming\default.rss
[2011.04.28 21:15:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.26 19:33:48 | 000,026,702 | ---- | M] () -- C:\Users\xxxxxxs\Desktop\Ikea_Einkaufsliste.pdf
 
========== Files Created - No Company Name ==========
 
[2011.05.16 22:12:18 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.15 19:27:06 | 000,151,080 | ---- | C] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2011.05.15 18:58:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\bepyqh.sys
[2011.05.03 21:20:43 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.26 19:33:48 | 000,026,702 | ---- | C] () -- C:\Users\xxxxxxs\Desktop\Ikea_Einkaufsliste.pdf
[2011.03.05 20:16:55 | 000,000,572 | ---- | C] () -- C:\Windows\wiso.ini
[2010.12.10 18:53:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.07.25 18:06:48 | 000,007,601 | ---- | C] () -- C:\Users\xxxxxxs\AppData\Local\Resmon.ResmonCfg
[2010.06.11 20:20:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010.05.21 18:59:25 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.05.21 18:59:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.05.10 22:04:29 | 000,005,632 | ---- | C] () -- C:\Users\xxxxxxs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 17:48:26 | 000,000,139 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010.03.06 23:11:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.06 23:10:21 | 000,000,142 | ---- | C] () -- C:\Users\xxxxxxs\AppData\Roaming\default.rss
[2010.03.06 23:10:21 | 000,000,000 | ---- | C] () -- C:\Users\xxxxxxs\AppData\Roaming\downloads.m3u
[2010.02.28 14:59:20 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.28 14:59:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BD6B8941C5.sys
[2010.02.28 13:33:42 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.27 21:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.23 09:23:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.10.23 09:23:48 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.10.23 09:23:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.10.23 09:23:47 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008.01.10 10:44:01 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.01.10 10:44:01 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2008.01.10 10:44:01 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2007.10.05 20:29:00 | 000,003,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\EC168Hid.dat
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >

--- --- ---
OTL Logfile:

       
Code:

       
OTL Extras logfile created on: 22.05.2011 10:45:40 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\xxxxxs\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,34 Gb Total Space | 7,55 Gb Free Space | 18,71% Space Free | Partition Type: NTFS
Drive D: | 81,25 Gb Total Space | 64,10 Gb Free Space | 78,89% Space Free | Partition Type: NTFS
Drive E: | 99,19 Gb Total Space | 65,08 Gb Free Space | 65,61% Space Free | Partition Type: NTFS
Drive X: | 915,91 Gb Total Space | 794,16 Gb Free Space | 86,71% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxSNB | User Name: xxxxxs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "d:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}" = SCL011 Contactless Reader
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2c2684e2-05f5-442a-b958-9e483e1f7f0d}" = Nero 9
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{56ABA277-EE53-4478-A607-FA42208FF5A9}" = Menu Templates - Pack 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57250E78-F6E2-4DCE-9A84-50B28A70AB84}" = Menu Templates - Pack 3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82F25717-25EB-46DA-BE28-E17E21A0FAAF}" = AusweisApp
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOK_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOK_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOK_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOK_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_POWERPOINT_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_EXCEL_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OUTLOOK_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_POWERPOINT_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOK_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9AB8E6CE-CE6D-43A0-B54E-422425524FF9}" = Menu Templates - Pack 2
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A0CD0434-C975-4E5B-989B-066CE4D35597}" = USB DVB-T TV Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0255743-165B-4BD5-8DA8-37DFB9930012}" = Norton Ghost
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.95.714
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F425DD1D-0097-41C3-B545-B79E3D51100E}" = Movie Templates - Pack 1
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"ABC Amber NBU Converter" = ABC Amber NBU Converter
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"EXCEL" = Microsoft Office Excel 2007
"FileZilla Client" = FileZilla Client 3.4.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Network Print Monitor" = Network Print Monitor for Windows 2000/XP/2003/Vista
"Nokia Ovi Suite" = Nokia Ovi Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OUTLOOK" = Microsoft Office Outlook 2007
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"POWERPOINT" = Microsoft Office PowerPoint 2007
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SopCast" = SopCast 3.3.2
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WORD" = Microsoft Office Word 2007
"Xvid_is1" = Xvid 1.2.2 final uninstall
"XYplorer" = XYplorer 9.80
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2010 13:06:00 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:00 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:00 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:00 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:00 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:08 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:08 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:08 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:06:08 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.11.2010 13:51:23 | Computer Name = xxxxxsnb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Media Center Events ]
Error - 11.06.2010 16:46:51 | Computer Name = xxxxxsnb | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Cinergy
T USB XE Tuner
 
Error - 22.07.2010 14:36:58 | Computer Name = xxxxxsnb | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Cinergy
T USB XE (MKII) Tuner
 
[ OSession Events ]
Error - 23.09.2010 15:43:32 | Computer Name = xxxxxsnb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 310
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.05.2011 15:20:15 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 18.05.2011 12:58:55 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 18.05.2011 15:36:20 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 19.05.2011 02:20:47 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 19.05.2011 13:24:33 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 20.05.2011 15:08:42 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 20.05.2011 16:44:46 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 21.05.2011 05:24:04 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 21.05.2011 16:45:12 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
Error - 22.05.2011 03:13:12 | Computer Name = xxxxxsnb | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom  vaszok
 
 
< End of report >

--- --- ---


[/INDENT]
Wer weiß Rat? Bitte um Hilfe! Bitte bitte...

M-K-D-B 22.05.2011 10:31
:hallo:

Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Bitte arbeite solange mit mir mit, bis ich dir sage, dass wir hier fertig sind.
  • Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Ich bereite jetzt einen Fix vor und melde mich so bald als möglich mit weiteren Anweisungen.

M-K-D-B 22.05.2011 10:48
Hallo 033261,





Schritt # 1: Registry Cleaner
Ich sehe, dass Du sogenannte Registry Cleaner am System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.





Schritt # 2: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
  • Klicke auf Durchsuchen
  • Kopiere nun folgendes in die Suchleiste.
    Code:
    C:\Windows\system32\drivers\bepyqh.sys
  • und klicke auf Öffnen.
  • Klicke auf Send File.
Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
Zitat:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.





Schritt # 3: aswMBR.exe ausführen
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Klicke auf Scan
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • deine Rückmeldung zu Schritt # 1,
  • den Link zum Ergebnis von VirusTotal und
  • das Logfile von aswMBR.

033261 22.05.2011 11:03
Danke für die Hilfe!

Hier der Link zu Schritt 1:

hxxp://www.virustotal.com/file-scan/report.html?id=03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae-1306058345


und das Logfile zu Schritt 2:

[code]
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-22 12:04:15
-----------------------------
12:04:15.239 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:15.239 Number of processors: 2 586 0x170A
12:04:15.239 ComputerName: RITCHIESNB UserName: ritchies
12:04:15.926 Initialize success
12:04:25.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:04:25.520 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
12:04:25.520 Disk 0 MBR read error 0
12:04:25.535 Disk 0 MBR scan
12:04:25.535 Disk 0 unknown MBR code
12:04:25.535 MBR BIOS signature not found 0
12:04:25.535 Service scanning
12:04:26.830 Disk 0 trace - called modules:
12:04:26.892 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spse.sys hal.dll
12:04:26.892 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ff790]
12:04:26.908 3 CLASSPNP.SYS[fffff88001cd443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8002e0b050]
12:04:26.908 Scan finished successfully
12:04:47.718 Disk 0 MBR has been saved successfully to "C:\Users\ritchies\Desktop\MBR.dat"
12:04:47.718 The log file has been saved successfully to "C:\Users\ritchies\Desktop\aswMBR.txt"

[\code]

M-K-D-B 22.05.2011 12:13
Hallo 033261,


ich bekomme noch eine Rückmeldung bezüglich CCleaner. Vielen Dank. :)






Schritt # 1: Fix mit OTL
Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [acxNetdrm] %LOCALAPPDATA%\advMainserv\acxNetdrm.dll ()
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

:files
%LOCALAPPDATA%\advMainserv

:Commands
[emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt # 2: ComboFix ausführen
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.





Schritt # 3: Systemscan mit OTL
  • Starte bitte OTL.exe.
  • Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
  • Poste die OTL.txt und die Extras.txt hier in deinen Thread.




Schritt # 4: Scan mit MBRCheck
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
  • Poste mir bitte den Inhalt des .txt Dokumentes.




Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • das Logfile des OTL-Fix,
  • das Logfile von ComboFix,
  • die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt) und
  • das Logfile von MBRCheck.

033261 22.05.2011 22:20
Hallo!

Ich habe zwar keine Ahnung, was ich hier tue... aber was solls...:crazy:

1. Verstande! CCCleaner verbannt

2. Logfile OTL-Fix:

[CODE] All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\acxNetdrm deleted successfully.
C:\Users\ritchies\AppData\Local\advMainserv\acxNetdrm.dll moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
========== FILES ==========
C:\Users\ritchies\AppData\Local\advMainserv folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ritchies
->Temp folder emptied: 27736469 bytes
->Temporary Internet Files folder emptied: 57510328 bytes
->Java cache emptied: 12184350 bytes
->FireFox cache emptied: 296065073 bytes
->Flash cache emptied: 6152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118206 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 375,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05222011_221000

Files\Folders moved on Reboot...
C:\Users\ritchies\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\klsA5C5.tmp not found!

Registry entries deleted on Reboot...
[All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\acxNetdrm deleted successfully.
C:\Users\ritchies\AppData\Local\advMainserv\acxNetdrm.dll moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully.
ADS C:\ProgramData\Temp:93DE1838 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
========== FILES ==========
C:\Users\ritchies\AppData\Local\advMainserv folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ritchies
->Temp folder emptied: 27736469 bytes
->Temporary Internet Files folder emptied: 57510328 bytes
->Java cache emptied: 12184350 bytes
->FireFox cache emptied: 296065073 bytes
->Flash cache emptied: 6152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118206 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 375,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05222011_221000

Files\Folders moved on Reboot...
C:\Users\ritchies\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\klsA5C5.tmp not found!

Registry entries deleted on Reboot...[\code]


3. LogFile Combifix

[code] Combofix Logfile:
Code:
ComboFix 11-05-21.03 - ritchies 22.05.2011  22:21:04.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1979.807 [GMT 2:00]
ausgeführt von:: c:\users\ritchies\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ritchies\AppData\Roaming\.#
c:\windows\SysWow64\Drivers\bepyqh.sys
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-22 bis 2011-05-22  ))))))))))))))))))))))))))))))
.
.
2011-05-22 20:36 . 2011-05-22 20:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-22 20:10 . 2011-05-22 20:10        --------        d-----w-        C:\_OTL
2011-05-21 20:56 . 2011-05-09 22:00        8718160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E7266E0-0C78-4D02-AB91-52BEFAC46CCD}\mpengine.dll
2011-05-19 20:10 . 2011-05-21 20:52        210944        ----a-w-        c:\windows\system32\rdpclip.exe
2011-05-17 20:27 . 2011-05-17 20:27        --------        d-----w-        c:\users\ritchies\AppData\Local\RapidSolution
2011-05-15 16:58 . 2011-05-15 16:58        0        ----a-w-        C:\backup.reg
2011-05-13 05:47 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-13 05:47 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe
2011-05-12 19:43 . 2011-04-09 07:02        5562240        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-12 19:43 . 2011-04-09 06:02        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 19:43 . 2011-04-09 06:02        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-05-12 19:43 . 2011-03-25 03:29        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-12 19:43 . 2011-03-25 03:29        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-12 19:43 . 2011-03-25 03:29        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-12 19:43 . 2011-03-25 03:29        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-12 19:43 . 2011-03-25 03:29        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-12 19:43 . 2011-03-25 03:28        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-04 18:09 . 2011-05-05 15:44        --------        d-----w-        c:\users\ritchies\AppData\Roaming\Download Manager
2011-05-02 19:11 . 2011-05-02 19:11        --------        d-----w-        c:\users\ritchies\AppData\Roaming\Malwarebytes
2011-05-02 19:11 . 2011-05-02 19:11        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-02 19:11 . 2010-12-20 16:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-01 20:26 . 2011-05-01 20:45        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-04-28 19:13 . 2011-04-28 19:13        --------        d-----w-        c:\users\ritchies\AppData\Roaming\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-14 14:09 . 2010-02-28 12:59        2828        --sha-w-        c:\programdata\KGyGaAvL.sys
2011-03-11 06:34 . 2011-04-14 17:51        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 17:51        1395712        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 17:51        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 17:51        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-03-08 06:29 . 2011-04-14 17:50        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-14 17:50        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-14 17:51        1188864        ----a-w-        c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-14 17:51        981504        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-14 17:51        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-14 17:51        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-03-04 06:19 . 2011-04-30 06:13        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-30 06:13        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-14 17:51        183296        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-14 17:51        30208        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-14 17:51        28672        ----a-w-        c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-14 17:50        3135488        ----a-w-        c:\windows\system32\win32k.sys
2011-02-28 17:11 . 2011-02-28 17:11        69632        ----a-w-        c:\windows\SysWow64\PXTTool80VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11        4648960        ----a-w-        c:\windows\SysWow64\LxXtreme70VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11        27648        ----a-w-        c:\windows\SysWow64\LXTPSW20VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11        135168        ----a-w-        c:\windows\SysWow64\LxMail30VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11        1335296        ----a-w-        c:\windows\SysWow64\LXTool91VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11        110592        ----a-w-        c:\windows\SysWow64\LxUISettings20Native.dll
2011-02-28 17:11 . 2011-02-28 17:11        196608        ----a-w-        c:\windows\SysWow64\LxBasics91VC8.dll
2011-02-24 17:27 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-02-24 17:27 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-02-24 17:08 . 2011-02-24 17:08        680960        ----a-w-        c:\windows\system32\termsrv.dll
2011-02-24 06:15 . 2011-04-14 18:26        476160        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-14 18:26        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-14 17:50        158208        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-14 17:50        467456        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-14 17:50        411648        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-14 17:50        167936        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-14 17:50        287744        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-14 17:50        128000        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-14 17:50        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys
.
.
------- Sigcheck -------
.
[-] 2011-02-24 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2011-02-24 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2010-12-21 16:31        3055040        ----a-w-        d:\ausweisapp\siqeCardClient.ols
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-02 365336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~2\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 vaszok;vaszok;c:\windows\system32\drivers\bepyqh.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\drivers\AF05BDA.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 DRHARD;DRHARD;c:\windows\system32\DRIVERS\DRHARD.SYS [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 135664]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SCL01164;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01164.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 11:54]
.
2011-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-28 11:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-01-10 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandenes PDF anfügen - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {108A12B5-B45C-4414-9BAF-A29C756F5E46} = 192.168.178.1
FF - ProfilePath - c:\users\ritchies\AppData\Roaming\Mozilla\Firefox\Profiles\f7zrzodg.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-22  22:58:31
ComboFix-quarantined-files.txt  2011-05-22 20:58
.
Vor Suchlauf: 8.340.463.616 Bytes frei
Nach Suchlauf: 8.700.223.488 Bytes frei
.
- - End Of File - - 8A70C592A0D9C5431B246E66ACA7A5FC
--- --- ---


4. Logfile OTL (Extras.txt wurde nicht gespeichert?!? daher ohne)

OTL Logfile:
Code:
OTL logfile created on: 22.05.2011 23:00:11 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\ritchies\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,34 Gb Total Space | 8,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
Drive D: | 81,25 Gb Total Space | 64,10 Gb Free Space | 78,89% Space Free | Partition Type: NTFS
Drive E: | 99,19 Gb Total Space | 65,08 Gb Free Space | 65,61% Space Free | Partition Type: NTFS
Drive X: | 915,91 Gb Total Space | 794,16 Gb Free Space | 86,71% Space Free | Partition Type: NTFS
 
Computer Name: RITCHIESNB | User Name: ritchies | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Norton Ghost) -- D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- d:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SCL01164) -- C:\Windows\SysNative\drivers\SCL01164.sys (SCM Microsystems Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AF05BDA) -- C:\Windows\SysNative\drivers\AF05BDA.sys (AfaTech                  )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (v2imount) -- C:\Windows\SysNative\drivers\v2imount.sys (Symantec Corporation)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech                  )
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: D:\AusweisApp\mozilla\AusweisApp_FF3x_Win [2011.01.03 20:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.03 21:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.18 18:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
 
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Fennec\Profiles\8vrehq32.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.03 21:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.15 14:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 18:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.22 22:51:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.27 22:33:26 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.03 21:23:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.03 21:23:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.03 21:23:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.03 21:23:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.03 21:23:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.03 21:23:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.03 21:23:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.22 22:36:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.22 23:01:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.22 22:58:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.22 22:19:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.22 22:19:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.22 22:19:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.22 22:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.22 22:19:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.22 22:18:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.22 22:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.22 12:03:29 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.19 22:10:52 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.17 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Local\RapidSolution
[2011.05.16 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.05.16 20:48:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.05.13 07:47:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.13 07:47:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.12 21:43:41 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.12 21:43:40 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.12 21:43:40 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.12 21:43:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.12 21:43:38 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.04 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Download Manager
[2011.05.02 21:11:25 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Malwarebytes
[2011.05.02 21:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.02 21:11:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.01 22:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 08:13:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.30 08:13:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.30 08:13:36 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.30 08:13:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.30 08:13:36 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.30 08:13:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.30 08:13:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.30 08:13:30 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.30 08:13:29 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.30 08:13:28 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.30 08:13:28 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.28 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\dvdcss
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.22 23:02:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.22 22:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.22 22:21:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 22:21:16 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 22:13:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.22 22:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.22 22:13:38 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 22:08:18 | 004,352,705 | R--- | M] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | M] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.22 12:03:32 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.21 23:56:08 | 000,002,014 | -H-- | M] () -- E:\Dokumente\Default.rdp
[2011.05.21 22:52:07 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.16 22:12:18 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.16 21:40:52 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.05.16 21:40:51 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.16 20:47:03 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 20:47:03 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 20:47:03 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 20:47:03 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 20:47:03 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.15 19:27:11 | 000,151,080 | ---- | M] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2011.05.14 16:09:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.28 21:15:23 | 000,000,142 | ---- | M] () -- C:\Users\ritchies\AppData\Roaming\default.rss
[2011.04.28 21:15:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.26 19:33:48 | 000,026,702 | ---- | M] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf
 
========== Files Created - No Company Name ==========
 
[2011.05.22 22:19:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.22 22:19:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.22 22:19:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.22 22:19:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.22 22:19:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.22 22:07:46 | 004,352,705 | R--- | C] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | C] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.16 22:12:18 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.15 19:27:06 | 000,151,080 | ---- | C] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2011.05.03 21:20:43 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.26 19:33:48 | 000,026,702 | ---- | C] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf
[2011.03.05 20:16:55 | 000,000,572 | ---- | C] () -- C:\Windows\wiso.ini
[2010.12.10 18:53:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.07.25 18:06:48 | 000,007,601 | ---- | C] () -- C:\Users\ritchies\AppData\Local\Resmon.ResmonCfg
[2010.06.11 20:20:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010.05.21 18:59:25 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.05.21 18:59:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.05.10 22:04:29 | 000,005,632 | ---- | C] () -- C:\Users\ritchies\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 17:48:26 | 000,000,139 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010.03.06 23:11:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.06 23:10:21 | 000,000,142 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\default.rss
[2010.03.06 23:10:21 | 000,000,000 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\downloads.m3u
[2010.02.28 14:59:20 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.28 14:59:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BD6B8941C5.sys
[2010.02.28 13:33:42 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.27 21:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.23 09:23:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.10.23 09:23:48 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.10.23 09:23:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.10.23 09:23:47 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008.01.10 10:44:01 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.01.10 10:44:01 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2008.01.10 10:44:01 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2007.10.05 20:29:00 | 000,003,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\EC168Hid.dat
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

< End of report >
--- --- ---

Last not leas Logfile MBR:

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                INSYDE
System Manufacturer:                Acer
System Product Name:                Aspire 1810TZ
Logical Drives Mask:                0x0080001c

Kernel Drivers (total 191):
  0x0300B000 \SystemRoot\system32\ntoskrnl.exe
  0x035F4000 \SystemRoot\system32\hal.dll
  0x00BA1000 \SystemRoot\system32\kdcom.dll
  0x00C96000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CE5000 \SystemRoot\system32\PSHED.dll
  0x00CF9000 \SystemRoot\system32\CLFS.SYS
  0x00E98000 \SystemRoot\system32\CI.dll
  0x00F58000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00E00000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x01028000 \SystemRoot\System32\Drivers\spde.sys
  0x0115C000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x01165000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x01194000 \SystemRoot\system32\drivers\ACPI.sys
  0x011EB000 \SystemRoot\system32\drivers\msisadrv.sys
  0x01000000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E0F000 \SystemRoot\system32\drivers\pci.sys
  0x0100D000 \SystemRoot\System32\drivers\partmgr.sys
  0x011F5000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00E42000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00E4E000 \SystemRoot\system32\drivers\volmgr.sys
  0x00D57000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E63000 \SystemRoot\System32\drivers\mountmgr.sys
  0x012E0000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x01200000 \SystemRoot\system32\drivers\atapi.sys
  0x01209000 \SystemRoot\system32\drivers\ataport.SYS
  0x01233000 \SystemRoot\system32\drivers\amdxata.sys
  0x0123E000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0128A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0129E000 \SystemRoot\system32\DRIVERS\symsnap.sys
  0x01410000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x00C00000 \SystemRoot\System32\Drivers\msrpc.sys
  0x015B3000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01640000 \SystemRoot\System32\Drivers\cng.sys
  0x016B2000 \SystemRoot\System32\drivers\pcw.sys
  0x016C3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x016CD000 \SystemRoot\system32\drivers\ndis.sys
  0x01827000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01887000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01A40000 \SystemRoot\System32\drivers\tcpip.sys
  0x01C44000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01E76000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x01E00000 \SystemRoot\system32\drivers\volsnap.sys
  0x01E4C000 \SystemRoot\System32\Drivers\spldr.sys
  0x01C8E000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01E54000 \SystemRoot\System32\Drivers\mup.sys
  0x01E66000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01CC8000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x025D5000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01D02000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01D45000 \SystemRoot\system32\DRIVERS\klif.sys
  0x01DDB000 \SystemRoot\System32\Drivers\Null.SYS
  0x025F9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01DE4000 \SystemRoot\System32\drivers\vga.sys
  0x01A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01A25000 \SystemRoot\System32\drivers\watchdog.sys
  0x01A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01DF2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x019CE000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x019D7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x019E2000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x019F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01E6F000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x048EB000 \SystemRoot\system32\drivers\afd.sys
  0x04974000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x049B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x049C2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x049E8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x04800000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x04809000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x04818000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x04833000 \SystemRoot\system32\drivers\termdd.sys
  0x04847000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04898000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x048A4000 \SystemRoot\system32\drivers\mssmbios.sys
  0x048AF000 \SystemRoot\System32\drivers\discache.sys
  0x048BE000 \SystemRoot\System32\Drivers\dfsc.sys
  0x017C0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x017D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x01600000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x048DC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x04A94000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x046BD000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x047B1000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04600000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0460D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04663000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04674000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04698000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
  0x05639000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
  0x05CE6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x05CF3000 \SystemRoot\system32\drivers\i8042prt.sys
  0x05D11000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
  0x05D1D000 \SystemRoot\system32\drivers\kbdclass.sys
  0x05D2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x05D75000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x05D77000 \SystemRoot\system32\drivers\mouclass.sys
  0x05D86000 \SystemRoot\System32\Drivers\am3ud4vw.SYS
  0x05DC8000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x05DD1000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x05DE1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x05600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x05624000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0519C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x051CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x04A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x05630000 \SystemRoot\system32\drivers\swenum.sys
  0x04A3B000 \SystemRoot\system32\drivers\ks.sys
  0x04A7E000 \SystemRoot\system32\drivers\umbus.sys
  0x05E8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05EE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0640D000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x05EFE000 \SystemRoot\system32\drivers\portcls.sys
  0x05F3B000 \SystemRoot\system32\drivers\drmk.sys
  0x065EC000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05F5D000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x05F84000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x05FA1000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x00040000 \SystemRoot\System32\win32k.sys
  0x065F2000 \SystemRoot\System32\drivers\Dxapi.sys
  0x05FCF000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x018B2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x05FDD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x05FF0000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00470000 \SystemRoot\System32\TSDDD.dll
  0x00710000 \SystemRoot\System32\cdd.dll
  0x05E00000 \SystemRoot\system32\drivers\luafv.sys
  0x05E23000 \SystemRoot\system32\drivers\WudfPf.sys
  0x05E44000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03248000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x0329B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x032AE000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x032C6000 \SystemRoot\system32\drivers\HTTP.sys
  0x0338F000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x03399000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x033B7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x033CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x00DB3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x03200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x060CF000 \SystemRoot\system32\drivers\peauth.sys
  0x06175000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06180000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x061B1000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x061C3000 \SystemRoot\system32\DRIVERS\v2imount.sys
  0x06000000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07639000 \SystemRoot\System32\DRIVERS\srv.sys
  0x076D1000 \SystemRoot\system32\drivers\tdtcp.sys
  0x076DC000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0x076EB000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x07795000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77070000 \Windows\System32\ntdll.dll
  0x484C0000 \Windows\System32\smss.exe
  0xFF390000 \Windows\System32\apisetschema.dll
  0xFF060000 \Windows\System32\autochk.exe
  0x76F70000 \Windows\System32\user32.dll
  0xFF270000 \Windows\System32\msctf.dll
  0xFF250000 \Windows\System32\imagehlp.dll
  0xFE4C0000 \Windows\System32\shell32.dll
  0xFE390000 \Windows\System32\rpcrt4.dll
  0xFE260000 \Windows\System32\wininet.dll
  0xFE210000 \Windows\System32\ws2_32.dll
  0xFE170000 \Windows\System32\clbcatq.dll
  0xFE140000 \Windows\System32\imm32.dll
  0xFE0E0000 \Windows\System32\Wldap32.dll
  0xFE0D0000 \Windows\System32\lpk.dll
  0xFE0C0000 \Windows\System32\nsi.dll
  0xFE050000 \Windows\System32\gdi32.dll
  0x77240000 \Windows\System32\psapi.dll
  0x77230000 \Windows\System32\normaliz.dll
  0xFE030000 \Windows\System32\sechost.dll
  0xFDE20000 \Windows\System32\ole32.dll
  0xFDCA0000 \Windows\System32\urlmon.dll
  0xFDC20000 \Windows\System32\difxapi.dll
  0xFDB80000 \Windows\System32\comdlg32.dll
  0xFDB00000 \Windows\System32\shlwapi.dll
  0xFD920000 \Windows\System32\setupapi.dll
  0x76E50000 \Windows\System32\kernel32.dll
  0xFD6C0000 \Windows\System32\iertutil.dll
  0xFD5E0000 \Windows\System32\advapi32.dll
  0xFD510000 \Windows\System32\usp10.dll
  0xFD470000 \Windows\System32\msvcrt.dll
  0xFD390000 \Windows\System32\oleaut32.dll
  0xFD350000 \Windows\System32\cfgmgr32.dll
  0xFD2B0000 \Windows\System32\comctl32.dll
  0xFD290000 \Windows\System32\devobj.dll
  0xFD220000 \Windows\System32\KernelBase.dll
  0xFD0B0000 \Windows\System32\crypt32.dll
  0xFD070000 \Windows\System32\wintrust.dll
  0xFD060000 \Windows\System32\msasn1.dll
  0x76C20000 \Windows\SysWOW64\normaliz.dll

Processes (total 68):
      0 System Idle Process
      4 System
    364 C:\Windows\System32\smss.exe
    500 csrss.exe
    540 C:\Windows\System32\wininit.exe
    552 csrss.exe
    588 C:\Windows\System32\services.exe
    628 C:\Windows\System32\winlogon.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    780 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\spoolsv.exe
    1264 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\taskhost.exe
    1528 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1640 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    1868 C:\Windows\System32\dwm.exe
    1904 C:\Windows\explorer.exe
    2044 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1096 C:\Windows\System32\svchost.exe
    1512 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    1752 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    1576 C:\Windows\System32\svchost.exe
    1932 D:\Norton Ghost\Agent\VProSvc.exe
    2172 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    2200 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    2248 C:\Windows\System32\svchost.exe
    2316 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    2420 C:\Windows\System32\svchost.exe
    2444 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2552 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2892 C:\Windows\System32\SearchIndexer.exe
    2924 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3456 C:\Windows\notepad.exe
    3672 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3712 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3724 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    3740 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3816 C:\Windows\System32\igfxtray.exe
    3824 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3848 C:\Windows\System32\hkcmd.exe
    3880 C:\Windows\System32\igfxpers.exe
    3904 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3948 C:\Windows\System32\igfxsrvc.exe
    3112 C:\Windows\System32\igfxext.exe
    960 C:\Windows\System32\wbem\unsecapp.exe
    3532 WmiPrvSE.exe
    3176 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    700 C:\Program Files (x86)\Launch Manager\LManager.EXE
    4032 D:\iTunes\iTunesHelper.exe
    4276 C:\Windows\System32\svchost.exe
    4680 C:\Program Files\iPod\bin\iPodService.exe
    5052 dllhost.exe
    4376 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2836 C:\Windows\notepad.exe
    4668 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2036 C:\Windows\notepad.exe
    4892 C:\Windows\System32\SearchProtocolHost.exe
    892 C:\Windows\System32\SearchFilterHost.exe
    1708 C:\Users\ritchies\Desktop\MBRCheck.exe
    2092 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`1c5afa00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000021`6c985800  (NTFS)

PhysicalDrive0 Model Number: ST9250315AS, Rev: 0001SDM1

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
8MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                INSYDE
System Manufacturer:                Acer
System Product Name:                Aspire 1810TZ
Logical Drives Mask:                0x0080001c

Kernel Drivers (total 191):
  0x0300B000 \SystemRoot\system32\ntoskrnl.exe
  0x035F4000 \SystemRoot\system32\hal.dll
  0x00BA1000 \SystemRoot\system32\kdcom.dll
  0x00C96000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00CE5000 \SystemRoot\system32\PSHED.dll
  0x00CF9000 \SystemRoot\system32\CLFS.SYS
  0x00E98000 \SystemRoot\system32\CI.dll
  0x00F58000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00E00000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x01028000 \SystemRoot\System32\Drivers\spde.sys
  0x0115C000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x01165000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x01194000 \SystemRoot\system32\drivers\ACPI.sys
  0x011EB000 \SystemRoot\system32\drivers\msisadrv.sys
  0x01000000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E0F000 \SystemRoot\system32\drivers\pci.sys
  0x0100D000 \SystemRoot\System32\drivers\partmgr.sys
  0x011F5000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00E42000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00E4E000 \SystemRoot\system32\drivers\volmgr.sys
  0x00D57000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E63000 \SystemRoot\System32\drivers\mountmgr.sys
  0x012E0000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x01200000 \SystemRoot\system32\drivers\atapi.sys
  0x01209000 \SystemRoot\system32\drivers\ataport.SYS
  0x01233000 \SystemRoot\system32\drivers\amdxata.sys
  0x0123E000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0128A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x0129E000 \SystemRoot\system32\DRIVERS\symsnap.sys
  0x01410000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x00C00000 \SystemRoot\System32\Drivers\msrpc.sys
  0x015B3000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01640000 \SystemRoot\System32\Drivers\cng.sys
  0x016B2000 \SystemRoot\System32\drivers\pcw.sys
  0x016C3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x016CD000 \SystemRoot\system32\drivers\ndis.sys
  0x01827000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01887000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01A40000 \SystemRoot\System32\drivers\tcpip.sys
  0x01C44000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01E76000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x01E00000 \SystemRoot\system32\drivers\volsnap.sys
  0x01E4C000 \SystemRoot\System32\Drivers\spldr.sys
  0x01C8E000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01E54000 \SystemRoot\System32\Drivers\mup.sys
  0x01E66000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01CC8000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x025D5000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01D02000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01D45000 \SystemRoot\system32\DRIVERS\klif.sys
  0x01DDB000 \SystemRoot\System32\Drivers\Null.SYS
  0x025F9000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01DE4000 \SystemRoot\System32\drivers\vga.sys
  0x01A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01A25000 \SystemRoot\System32\drivers\watchdog.sys
  0x01A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01DF2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x019CE000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x019D7000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x019E2000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x019F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01E6F000 \SystemRoot\system32\DRIVERS\kl2.sys
  0x048EB000 \SystemRoot\system32\drivers\afd.sys
  0x04974000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x049B9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x049C2000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x049E8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x04800000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x04809000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x04818000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x04833000 \SystemRoot\system32\drivers\termdd.sys
  0x04847000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04898000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x048A4000 \SystemRoot\system32\drivers\mssmbios.sys
  0x048AF000 \SystemRoot\System32\drivers\discache.sys
  0x048BE000 \SystemRoot\System32\Drivers\dfsc.sys
  0x017C0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x017D1000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x01600000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x048DC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x04A94000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x046BD000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x047B1000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04600000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0460D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04663000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04674000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04698000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
  0x05639000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
  0x05CE6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x05CF3000 \SystemRoot\system32\drivers\i8042prt.sys
  0x05D11000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
  0x05D1D000 \SystemRoot\system32\drivers\kbdclass.sys
  0x05D2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x05D75000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x05D77000 \SystemRoot\system32\drivers\mouclass.sys
  0x05D86000 \SystemRoot\System32\Drivers\am3ud4vw.SYS
  0x05DC8000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x05DD1000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x05DE1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x05600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x05624000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x0519C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x051CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x04A21000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x05630000 \SystemRoot\system32\drivers\swenum.sys
  0x04A3B000 \SystemRoot\system32\drivers\ks.sys
  0x04A7E000 \SystemRoot\system32\drivers\umbus.sys
  0x05E8F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05EE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0640D000 \SystemRoot\system32\drivers\RTKVHD64.sys
  0x05EFE000 \SystemRoot\system32\drivers\portcls.sys
  0x05F3B000 \SystemRoot\system32\drivers\drmk.sys
  0x065EC000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05F5D000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x05F84000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x05FA1000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x00040000 \SystemRoot\System32\win32k.sys
  0x065F2000 \SystemRoot\System32\drivers\Dxapi.sys
  0x05FCF000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x018B2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x05FDD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x05FF0000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00470000 \SystemRoot\System32\TSDDD.dll
  0x00710000 \SystemRoot\System32\cdd.dll
  0x05E00000 \SystemRoot\system32\drivers\luafv.sys
  0x05E23000 \SystemRoot\system32\drivers\WudfPf.sys
  0x05E44000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03248000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x0329B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x032AE000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x032C6000 \SystemRoot\system32\drivers\HTTP.sys
  0x0338F000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x03399000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x033B7000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x033CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x00DB3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x03200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x060CF000 \SystemRoot\system32\drivers\peauth.sys
  0x06175000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06180000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x061B1000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x061C3000 \SystemRoot\system32\DRIVERS\v2imount.sys
  0x06000000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07639000 \SystemRoot\System32\DRIVERS\srv.sys
  0x076D1000 \SystemRoot\system32\drivers\tdtcp.sys
  0x076DC000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
  0x076EB000 \SystemRoot\System32\Drivers\RDPWD.SYS
  0x07795000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x77070000 \Windows\System32\ntdll.dll
  0x484C0000 \Windows\System32\smss.exe
  0xFF390000 \Windows\System32\apisetschema.dll
  0xFF060000 \Windows\System32\autochk.exe
  0x76F70000 \Windows\System32\user32.dll
  0xFF270000 \Windows\System32\msctf.dll
  0xFF250000 \Windows\System32\imagehlp.dll
  0xFE4C0000 \Windows\System32\shell32.dll
  0xFE390000 \Windows\System32\rpcrt4.dll
  0xFE260000 \Windows\System32\wininet.dll
  0xFE210000 \Windows\System32\ws2_32.dll
  0xFE170000 \Windows\System32\clbcatq.dll
  0xFE140000 \Windows\System32\imm32.dll
  0xFE0E0000 \Windows\System32\Wldap32.dll
  0xFE0D0000 \Windows\System32\lpk.dll
  0xFE0C0000 \Windows\System32\nsi.dll
  0xFE050000 \Windows\System32\gdi32.dll
  0x77240000 \Windows\System32\psapi.dll
  0x77230000 \Windows\System32\normaliz.dll
  0xFE030000 \Windows\System32\sechost.dll
  0xFDE20000 \Windows\System32\ole32.dll
  0xFDCA0000 \Windows\System32\urlmon.dll
  0xFDC20000 \Windows\System32\difxapi.dll
  0xFDB80000 \Windows\System32\comdlg32.dll
  0xFDB00000 \Windows\System32\shlwapi.dll
  0xFD920000 \Windows\System32\setupapi.dll
  0x76E50000 \Windows\System32\kernel32.dll
  0xFD6C0000 \Windows\System32\iertutil.dll
  0xFD5E0000 \Windows\System32\advapi32.dll
  0xFD510000 \Windows\System32\usp10.dll
  0xFD470000 \Windows\System32\msvcrt.dll
  0xFD390000 \Windows\System32\oleaut32.dll
  0xFD350000 \Windows\System32\cfgmgr32.dll
  0xFD2B0000 \Windows\System32\comctl32.dll
  0xFD290000 \Windows\System32\devobj.dll
  0xFD220000 \Windows\System32\KernelBase.dll
  0xFD0B0000 \Windows\System32\crypt32.dll
  0xFD070000 \Windows\System32\wintrust.dll
  0xFD060000 \Windows\System32\msasn1.dll
  0x76C20000 \Windows\SysWOW64\normaliz.dll

Processes (total 68):
      0 System Idle Process
      4 System
    364 C:\Windows\System32\smss.exe
    500 csrss.exe
    540 C:\Windows\System32\wininit.exe
    552 csrss.exe
    588 C:\Windows\System32\services.exe
    628 C:\Windows\System32\winlogon.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    780 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\spoolsv.exe
    1264 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\taskhost.exe
    1528 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1640 C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    1868 C:\Windows\System32\dwm.exe
    1904 C:\Windows\explorer.exe
    2044 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1096 C:\Windows\System32\svchost.exe
    1512 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    1752 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    1576 C:\Windows\System32\svchost.exe
    1932 D:\Norton Ghost\Agent\VProSvc.exe
    2172 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    2200 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    2248 C:\Windows\System32\svchost.exe
    2316 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    2420 C:\Windows\System32\svchost.exe
    2444 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2552 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2892 C:\Windows\System32\SearchIndexer.exe
    2924 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3456 C:\Windows\notepad.exe
    3672 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3712 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    3724 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    3740 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3816 C:\Windows\System32\igfxtray.exe
    3824 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3848 C:\Windows\System32\hkcmd.exe
    3880 C:\Windows\System32\igfxpers.exe
    3904 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    3948 C:\Windows\System32\igfxsrvc.exe
    3112 C:\Windows\System32\igfxext.exe
    960 C:\Windows\System32\wbem\unsecapp.exe
    3532 WmiPrvSE.exe
    3176 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    700 C:\Program Files (x86)\Launch Manager\LManager.EXE
    4032 D:\iTunes\iTunesHelper.exe
    4276 C:\Windows\System32\svchost.exe
    4680 C:\Program Files\iPod\bin\iPodService.exe
    5052 dllhost.exe
    4376 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2836 C:\Windows\notepad.exe
    4668 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2036 C:\Windows\notepad.exe
    4892 C:\Windows\System32\SearchProtocolHost.exe
    892 C:\Windows\System32\SearchFilterHost.exe
    1708 C:\Users\ritchies\Desktop\MBRCheck.exe
    2092 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000d`1c5afa00  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000021`6c985800  (NTFS)

PhysicalDrive0 Model Number: ST9250315AS, Rev: 0001SDM1

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Ich hoffe, das wars jetzt und kann mir mal jemand erklären, was ich hier überhaupt getan habe??:wtf:

Gruß und danke!

Mark

M-K-D-B 23.05.2011 13:59
Hallo Mark,


Zitat:
Logfile OTL (Extras.txt wurde nicht gespeichert?!? daher ohne)
Wenn du OTL 1:1 genau so ausgeführt hast, wie ich beschrieben habe, dann wird auch eine Datei Extras.txt erstellt. :)
Aber wir versuchen das später gleich noch mal.


Zitat:
Zitat von 033261 (Beitrag 662219)
Ich hoffe, das wars jetzt...
Warum so ungeduldig? Ich kann doch davon ausgehen, dass du mit mir bis zum Schluss weiter arbeitest, oder?
Wir wollen doch sicher stellen, dass keine Malware mehr auf deinem Rechner ist. :)


Zitat:
Zitat von 033261 (Beitrag 662219)
Ich habe zwar keine Ahnung, was ich hier tue... aber was solls...:crazy:
Zitat:
Zitat von 033261 (Beitrag 662219)
... und kann mir mal jemand erklären, was ich hier überhaupt getan habe??:wtf:
Das kann ich dir schlecht in ein paar Worten sagen, aber ich versuchs trotzdem mal:
Ich setze spezielle Analyse- und Bereinigungsprogramme ein, um die von dir beschriebenen Probleme zu beheben und Malware zu entfernen.
Das Erlernen des Auswertens solcher Daten erfordert ein Studium von mehreren Monaten. Bist du daran noch mehr interessiert? Wenn ja, lass es mich bitte wisssen.





Schritt # 1: Fix mit OTL
Code:
:OTL
DRV - (vaszok) -- C:\Windows\system32\drivers\bepyqh.sys ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Commands
[emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)
Downloade Dir bitte Malwarebytes' Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.




Schritt # 3: Java deinstallieren/neu installieren
  • Schließe alle Internet Browser.
  • Folge dem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
  • Deinstalliere bitte Java(TM) 6 Update 23
  • Lade dir anschließend Java(TM) 6 Update 25 von hier auf deinen Desktop.
  • Installiere anschließend die neue Version mit Rechtsklick -> Als Administrator ausführen




Schritt # 4: ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.





Schritt # 5: Systemscan mit OTL
  • Starte bitte OTL.exe.
  • Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
  • Poste die OTL.txt und die Extras.txt hier in deinen Thread.




Schritt # 6: Durchführung einer Sicherheitskontrolle
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
  • Poste den Inhalt bitte hier.




Schritt # 7: Fragen beantworten
Bitte beantworte mir folgende Fragen:
  • Wirst du bei Google immer noch auf Werbeseiten geleitet?
  • Wie läuft dein Rechner derzeit?
  • Gibt es noch irgendwelche Probleme?




Schritt # 8: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • das Logfile des OTL-Fix,
  • das Logfile von MBAM,
  • das Logfile des ESET Online Scanners
  • die beiden Logfiles von OTL (OTL.txt und Extras.txt),
  • das Logfile von SecurityCheck und
  • die Beantwortung der gestellten Fragen.

033261 24.05.2011 23:39
Also... nach div. Stunden des Wartens, hier die ersten Ergebnisse:

OTL-Fix Protokoll:

[CODE]
All processes killed
========== OTL ==========
Service vaszok stopped successfully!
Service vaszok deleted successfully!
File C:\Windows\system32\drivers\bepyqh.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ritchies
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19941724 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96780 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 232984 bytes

Total Files Cleaned = 19,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05232011_220707

Files\Folders moved on Reboot...
C:\Users\ritchies\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\klsE621.tmp not found!

Registry entries deleted on Reboot...
[\CODE]


Logfile MBAM

[CODE]
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6657

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

23.05.2011 22:18:39
mbam-log-2011-05-23 (22-18-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167209
Laufzeit: 5 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

[\CODE]

ESET Logfile (hatte 6 Treffer):

[CODE]
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7702eaa55d88d74a90c9130346adc1c6
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-23 08:31:30
# local_time=2011-05-23 10:31:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 610739 610739 0 0
# compatibility_mode=5893 16776573 100 94 171303 57812534 0 0
# compatibility_mode=8192 67108863 100 0 115 115 0 0
# scanned=232
# found=0
# cleaned=0
# scan_time=5
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7702eaa55d88d74a90c9130346adc1c6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-23 09:27:29
# local_time=2011-05-23 11:27:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 610794 610794 0 0
# compatibility_mode=5893 16776573 100 94 171358 57812589 0 0
# compatibility_mode=8192 67108863 100 0 170 170 0 0
# scanned=57724
# found=1
# cleaned=0
# scan_time=3310
C:\Program Files (x86)\Common Files\Nero\AdvrCntr4\patch.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7702eaa55d88d74a90c9130346adc1c6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-24 10:14:31
# local_time=2011-05-25 12:14:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 690378 690378 0 0
# compatibility_mode=5893 16776573 100 94 250942 57892173 0 0
# compatibility_mode=8192 67108863 100 0 79754 79754 0 0
# scanned=205046
# found=6
# cleaned=0
# scan_time=12948
C:\Program Files (x86)\Common Files\Nero\AdvrCntr4\patch.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\05222011_221000\C_Users\ritchies\AppData\Local\advMainserv\acxNetdrm.dll a variant of Win32/Sefnit.BE trojan (unable to clean) 00000000000000000000000000000000 I
D:\Nero\Nero 9\Nero Burning ROM\patch.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I
D:\Treiber und Setups\Ahead Nero 9 Reloaded v9.4.17.0 Multilanguage Dvd-Restore.iso Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
D:\Treiber und Setups\Ahead Nero 9 Reloaded v9.4.17.0 Multilanguage Dvd-Restore\BackItUp and Burn\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
E:\Dokumente\patch.txt.exe Win32/Agent.QKL trojan (unable to clean) 00000000000000000000000000000000 I

[\CODE]

OTL Log (hat erneut KEINE EXTRAS.txt erstellt!):

OTL Logfile:
Code:
OTL logfile created on: 25.05.2011 00:24:45 - Run 3
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\ritchies\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,34 Gb Total Space | 7,19 Gb Free Space | 17,82% Space Free | Partition Type: NTFS
Drive D: | 81,25 Gb Total Space | 64,18 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive E: | 99,19 Gb Total Space | 65,03 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Drive X: | 915,91 Gb Total Space | 793,73 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: RITCHIESNB | User Name: ritchies | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ritchies\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Norton Ghost) -- D:\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (StarWindServiceAE) -- d:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (SCL01164) -- C:\Windows\SysNative\drivers\SCL01164.sys (SCM Microsystems Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\drivers\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AF05BDA) -- C:\Windows\SysNative\drivers\AF05BDA.sys (AfaTech                  )
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (symsnap) -- C:\Windows\SysNative\drivers\symsnap.sys (StorageCraft)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (VProEventMonitor) -- C:\Windows\SysNative\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (v2imount) -- C:\Windows\SysNative\drivers\v2imount.sys (Symantec Corporation)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech                  )
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273602101406l0353z105t4821a81p
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: D:\AusweisApp\mozilla\AusweisApp_FF3x_Win [2011.01.03 20:05:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.03 21:23:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.18 18:36:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.07 22:09:50 | 000,000,000 | ---D | M]
 
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2010.06.17 22:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Fennec\Profiles\8vrehq32.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions
[2011.04.23 15:48:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\ritchies\AppData\Roaming\mozilla\Firefox\Profiles\f7zrzodg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.05.23 22:27:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.15 14:58:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.24 18:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.23 22:27:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010.02.27 22:33:26 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.03 21:23:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.23 22:26:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.03 21:23:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.03 21:23:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.03 21:23:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.03 21:23:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.03 21:23:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.03 21:23:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.22 22:36:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - D:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.23 22:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.05.23 22:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.05.23 22:27:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.05.23 22:27:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.05.23 22:27:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.05.23 22:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.05.23 22:12:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.23 22:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 22:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.22 23:01:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.22 22:58:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.22 22:19:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.22 22:19:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.22 22:19:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.22 22:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.22 22:19:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.22 22:18:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.22 22:10:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.22 12:03:29 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:35 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.19 22:10:52 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.17 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Local\RapidSolution
[2011.05.16 20:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2011
[2011.05.13 07:47:05 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.13 07:47:05 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.12 21:43:41 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.12 21:43:40 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.12 21:43:40 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.12 21:43:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.12 21:43:38 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.04 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Download Manager
[2011.05.02 21:11:25 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\Malwarebytes
[2011.05.02 21:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.02 21:11:06 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.01 22:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.30 08:13:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.30 08:13:37 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.30 08:13:36 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.30 08:13:36 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.30 08:13:36 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.30 08:13:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.30 08:13:36 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.30 08:13:30 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.30 08:13:29 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.30 08:13:28 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.30 08:13:28 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.30 08:13:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.28 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\ritchies\AppData\Roaming\dvdcss
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.25 00:02:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.24 20:45:19 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.24 20:36:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 22:26:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.05.23 22:26:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.05.23 22:26:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.05.23 22:26:53 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.05.23 22:15:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 22:15:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 22:12:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 22:08:10 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 23:07:09 | 000,080,384 | ---- | M] () -- C:\Users\ritchies\Desktop\MBRCheck.exe
[2011.05.22 22:36:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.22 22:08:18 | 004,352,705 | R--- | M] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | M] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.22 12:03:32 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\ritchies\Desktop\aswMBR.exe
[2011.05.22 10:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ritchies\Desktop\OTL.exe
[2011.05.21 23:56:08 | 000,002,014 | -H-- | M] () -- E:\Dokumente\Default.rdp
[2011.05.21 22:52:07 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2011.05.16 22:12:18 | 000,000,712 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.16 21:40:52 | 000,151,619 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.05.16 21:40:51 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.05.16 20:47:03 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.16 20:47:03 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.16 20:47:03 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.16 20:47:03 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.16 20:47:03 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.15 19:27:11 | 000,151,080 | ---- | M] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2011.05.14 16:09:04 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.28 21:15:23 | 000,000,142 | ---- | M] () -- C:\Users\ritchies\AppData\Roaming\default.rss
[2011.04.28 21:15:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.26 19:33:48 | 000,026,702 | ---- | M] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf
 
========== Files Created - No Company Name ==========
 
[2011.05.23 22:12:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 23:07:08 | 000,080,384 | ---- | C] () -- C:\Users\ritchies\Desktop\MBRCheck.exe
[2011.05.22 22:19:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.22 22:19:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.22 22:19:40 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.22 22:19:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.22 22:19:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.22 22:07:46 | 004,352,705 | R--- | C] () -- C:\Users\ritchies\Desktop\ComboFix.exe
[2011.05.22 12:04:47 | 000,000,512 | ---- | C] () -- C:\Users\ritchies\Desktop\MBR.dat
[2011.05.16 22:12:18 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.05.15 19:27:06 | 000,151,080 | ---- | C] () -- E:\Dokumente\cc_20110515_192702.reg
[2011.05.15 18:58:41 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2011.05.03 21:20:43 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.26 19:33:48 | 000,026,702 | ---- | C] () -- C:\Users\ritchies\Desktop\Ikea_Einkaufsliste.pdf
[2011.03.05 20:16:55 | 000,000,572 | ---- | C] () -- C:\Windows\wiso.ini
[2010.12.10 18:53:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.07.25 18:06:48 | 000,007,601 | ---- | C] () -- C:\Users\ritchies\AppData\Local\Resmon.ResmonCfg
[2010.06.11 20:20:01 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll
[2010.05.21 18:59:25 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.05.21 18:59:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.05.10 22:04:29 | 000,005,632 | ---- | C] () -- C:\Users\ritchies\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.22 17:48:26 | 000,000,139 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010.03.06 23:11:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.06 23:10:21 | 000,000,142 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\default.rss
[2010.03.06 23:10:21 | 000,000,000 | ---- | C] () -- C:\Users\ritchies\AppData\Roaming\downloads.m3u
[2010.02.28 14:59:20 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.02.28 14:59:20 | 000,000,008 | RHS- | C] () -- C:\ProgramData\BD6B8941C5.sys
[2010.02.28 13:33:42 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.27 21:31:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.23 09:23:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.10.23 09:23:48 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.10.23 09:23:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.10.23 09:23:47 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2008.10.24 12:41:58 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008.01.10 10:44:01 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.01.10 10:44:01 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2008.01.10 10:44:01 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2007.10.05 20:29:00 | 000,003,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\EC168Hid.dat
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

< End of report >
--- --- ---



Logfile Securitycheck:

[CODE] Results of screen317's Security Check version 0.99.11
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
Kaspersky Anti-Virus 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Adobe Flash Player 10.2.159.1
Adobe Reader X (10.0.1) - Deutsch
Mozilla Firefox (x86 de..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
``````````End of Log````````````
[\CODE]

Ob nach wie vor sporadisch Werbung erscheint, muss ich noch testen. Kann ein bis zwei Tage dauern. Werde berichten.
Rechner läuft - soweit ich das aktuell beurteilen kann - normal.

Gute Nacht!

Mark

M-K-D-B 25.05.2011 13:37
Hallo Mark,





Schritt # 1: Benutzerkontensteuerung aktivieren
  • Klicke auf Start
  • Gib unten in die Suchleiste folgendes ein:
    Code:
    msconfig
  • Klicke Enter
  • Wähle den Tab Tools aus.
  • Wähle den Eintrag UAC-Einstellungen ändern aus
  • Klicke auf Starten
  • Wähle mindestens die zweite Einstellung von oben aus und klicke auf Ok.
  • Bestätige die Änderungen gegebenenfalls mit Ja.
  • Schließe das Fenster wieder.




Schritt # 2: Wichtige Updates
  • Lade dir bitte von hier den Internet Explorer 9 (64 Bit Version) auf deinen Desktop und installiere die neue Version.




Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:
  • Erscheint immer noch Werbung?
  • Wie erklärst du mir die Tatsache, das ESET in Nero einen Trojaner findet? :)
    Zitat:
    C:\Program Files (x86)\Common Files\Nero\AdvrCntr4\patch.exe Win32/Agent.QKL trojan
    D:\Nero\Nero 9\Nero Burning ROM\patch.exe Win32/Agent.QKL trojan
    E:\Dokumente\patch.txt.exe Win32/Agent.QKL trojan




Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • die Beantwortung der gestellten Fragen.

033261 25.05.2011 18:10
Hallo!

Benutzerkontensteuerung ist aktiviert.

IE9 habe ich bisher nicht runtergeladen, da ich den IE nicht nutze. Ich nutze zum Browsen ausschließlich den Firefox (aktuell 4.01). Muss/Soll ich den IE9 dennoch installieren? Ich bin i. d. R. kein IE-Freund...

Trojaner im Nero?? Eine gute Frage. Nutze Nero schon seit Zenturien und hatte nie Probleme damit.

Unerwünschte Werbung kam bisher nicht. Es wäre m. E. aber noch zu früh um komplett Entwarnung geben zu können, glaube ich.

Mark

M-K-D-B 25.05.2011 19:02
Hallo Mark,


Zitat:
Zitat von 033261 (Beitrag 663574)
IE9 habe ich bisher nicht runtergeladen, da ich den IE nicht nutze. Ich nutze zum Browsen ausschließlich den Firefox (aktuell 4.01). Muss/Soll ich den IE9 dennoch installieren? Ich bin i. d. R. kein IE-Freund...
Auch wenn du den IE nicht nutzt, sollte dieser aktuell sein. Zum einen für den Fall, dass man doch mit dem IE ins Internet geht, wenn Firefox nicht funktioniert. Zum anderen gibt es Programme, die sich über den IE aktualisieren bzw. darüber/darauf laufen.


Zitat:
Zitat von 033261 (Beitrag 663574)
Unerwünschte Werbung kam bisher nicht. Es wäre m. E. aber noch zu früh um komplett Entwarnung geben zu können, glaube ich.
Ich denke, wir sind hier durch. :)



Für gewöhnlich beende ich die Unterstützung sofort, wenn ich Anzeichen für illegale Software finde. Da wir mit der Bereinigung (bis auf die Trojaner in Nero) fertig sind, empfehle ich dir, die infizierten Dateien zu entfernen und in Zukunft die Finger davon zu lassen!





Schritt # 1: ComboFix deinstallieren
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücken. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt # 2: Systembereinigung mit OTL
Als Nächstes müssen wir alle Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Button Bereinigung.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.




Schritt # 3: Programme deinstallieren/löschen
  • Deinstalliere/Lösche gegebenenfalls weitere Dateien und Programme, die wir verwendet haben, manuell, falls sie noch nicht von deinem Rechner entfernt wurden.




Schritt # 4: ESET Online Scanner
  • Ich würde dir empfehlen, 1 mal pro Woche auch mit diesem Scanner dein System zu prüfen.
  • Möchtest Du ESET denoch deinstallieren:
    Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
    Code:
    "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
  • Drücke OK.




Schritt # 5: Windows Update aktivieren
Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.
  • Windows + R Taste drücken.
  • Kopiere nun folgenden Text in die Kommandozeile:
    Code:
    RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl
  • Klicke auf Ok.
  • Stelle sicher, dass die automatischen Updates aktiviert sind.
  • Downloade und installiere gegebenenfalls alle verfügbaren Updates.




Schritt # 6: Schutz vor weiteren Infektionen
Damit du in Zukunft vor ähnlichen Infektionen geschützt bist, empfehle ich dir noch ein paar nützliche Programme inklusive ein paar Tipps.
  • Vergewissere dich, dass dein Virenscanner stets aktuell ist und regelmäßig Updates erhält.
  • Daneben empfehle ich dir die Verwendung eines der folgenden Anti-Malware tools:
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Eine Einführung findest du hier
  • Öffne keine E-Mails oder deren Anhänge, wenn du den Absender nicht kennst!
  • Verwende keine Filesharing Programme, da damit sehr oft Malware übertragen wird!
  • Verwende keine Keygens, Cracks, Cheats, etc.!
  • Halte ALLE deine Programme aktuell, z. B. mit dem Online Secunia Inspector!



Zitat:
Zitat von 033261 (Beitrag 663574)
Trojaner im Nero?? Eine gute Frage. Nutze Nero schon seit Zenturien und hatte nie Probleme damit.
Die Funde weisen darauf hin, dass deine Version von Nero illegal ist. Laut ESET ist Nero mit einem Trojaner infiziert.
Bitte lesen: Cracks, Keygens und andere illegale Software


Dateien, wie crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.

Außerdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten.

Damit ist das Thema beendet.

033261 25.05.2011 20:44
Update: Neues Problem. Firefox geht, geht nicht, geht, geht nicht... Übersetzt. Findet keine Internetseiten (egal welche). :-(

M-K-D-B 26.05.2011 20:03
Hallo Mark,

es scheint, als hättest du meinen letzten Post entweder nicht vollständig gelesen oder du verstehst mich nicht.

In einem deiner Logfiles wurde folgendes beanstandet:
Zitat:
C:\Program Files (x86)\Common Files\Nero\AdvrCntr4\patch.exe Win32/Agent.QKL trojan
D:\Nero\Nero 9\Nero Burning ROM\patch.exe Win32/Agent.QKL trojan
E:\Dokumente\patch.txt.exe Win32/Agent.QKL trojan
Dies sind eindeutige Hinweise auf die Verwendung von illegaler Software.

Bitte lesen: Cracks, Keygens und andere illegale Software

Die einzige Hilfe, die Leute in diesem Forum bei Anzeichen von illegaler Software bekommen, ist folgende:
Anleitung zum Neu aufsetzten


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131