Live Security Platinum - muss ich meinen Computer neu aufsetzen?

Pechvogel44 · 09.08.2012, 21:28

Ich hatte mir den Live Security Platinum eingefangen: gefakte Fehlermeldungen, Programme starteten nicht weil sie angeblich infiziert waren usw. Antivir hat ihn nicht gefunden

Verantwortlich war wohl die folgende EXE:
C:\ProgramData\7531CC92180D040D00001731F875F002.exe

Die wollte ich dann mit ERASER löchen, das Programm ist aber nicht richtig gestartet. Bei dem nächsten Hochfahren wurde die EXE dann aber doch gelöscht (vieleicht hat ERASER sie ja doch noch in die Taskliste aufgenommen - anders kann ich mir das nicht erklären).

Seitdem ist Ruhe. Malwarebytes hat zwar einiges gefunden, aber wohl nicht den Live Security. ESET auch nicht.

Kann ich mich drauf verlassen, dass mein System wieder sauber ist, oder womit ist zu rechnen?

Hier das Malwarebytes-Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Hartmut :: ACE [limited]

Protection: Enabled

08.08.2012 21:28:24
mbam-log-2012-08-08 (21-28-24).txt

Scan type: Full scan (C:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347516
Time elapsed: 1 hour(s), 14 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\AG12FULL.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\OGG.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBIS.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISENC.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISFILE.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53273 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
E:\Downloads\SoftonicDownloader_fuer_fairstars-cd-ripper.exe (PUP.OfferBundler.ST) -> No action taken.
E:\Downloads\SoftonicDownloader_fuer_hydrogen.exe (PUP.OfferBundler.ST) -> No action taken.
E:\Downloads\SoftonicDownloader_fuer_ordrumbox.exe (PUP.OfferBundler.ST) -> No action taken.
C:\Program Files\ag12full.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Delete on reboot.

(end)

Pechvogel44 · 11.08.2012, 10:24

Liebe Boardgemeinde,

ich hab ja eigentlich gedacht, die von Malwarebites gefunden Dateien sind weg ("C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot." usw.). Bei einem neues Scan von heute erscheinen die aber alle wieder im Log.

Kann mir jemand erklären, wie das kommt?
Was tun die?
Und: was kann ich tun? Neu aufsetzen würde ich mir gerne sparen.

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Hartmut :: ACE [limited]

Protection: Disabled

11.08.2012 09:46:04
mbam-log-2012-08-11 (09-46-04).txt

Scan type: Full scan (C:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360697
Time elapsed: 1 hour(s), 17 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\AG12FULL.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\OGG.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBIS.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISENC.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\VORBISFILE.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\ag12full.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Delete on reboot.

(end)

Nach Neustart sind die Dateien immer noch drauf. Ich versteh das nicht...

C:\Program Files\ag12full.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\ogg.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Delete on reboot.

Ich hätte gedacht, die sind dann gelöscht?
Was ist das eigentlich? Sind das Programmbilbliotheken, die ich brauche, die aber inzwischen infiziert sind oder reine Virus-Libs? Oder Fehl-Alarme?
Kann/sollte ich die von Hand löschen? Oder durch neu runtergeladene Versionen ersetzten?

Bitte um Hilfe! Bin völlig ratlos...

Schon mal danke für Eure Mühe...

Hier noch das OTL-Log (OTL.txt):

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.08.2012 13:22:29 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 56,15% Memory free
7,36 Gb Paging File | 5,59 Gb Available in Paging File | 75,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,10 Gb Total Space | 230,62 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Drive E: | 290,97 Gb Total Space | 50,99 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
 
Computer Name: ACE | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.09 23:07:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.08.08 20:41:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.18 22:26:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.18 22:26:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.04.17 07:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.03.09 01:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 15:50:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 21:35:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.26 17:58:42 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012.05.20 13:27:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.20 13:26:42 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.20 13:26:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.20 13:26:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.20 13:26:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.20 13:26:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.01.13 10:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010.04.21 01:34:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.08.02 20:46:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.18 22:26:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.18 22:26:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.04.23 10:46:04 | 000,820,768 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.04.22 19:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.18 22:26:32 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.18 22:26:32 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.16 19:42:06 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.04.21 03:15:04 | 006,406,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.04.21 00:39:36 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.04.21 00:08:04 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.04.07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.01 10:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.17 16:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.03.05 12:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.01 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.14 22:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.26 08:17:04 | 000,245,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.01.13 17:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.13 17:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.22 03:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.12.07 13:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 14:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_4820g&r=27361010r806l0413z175t46n1m315
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes\{02320607-53B7-43D2-ACE1-8C7FB09F71E8}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62707
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62707
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.12 21:57:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.10 19:53:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.10 19:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.10.16 15:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Extensions
[2010.10.16 15:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.29 12:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions
[2011.08.30 21:49:25 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 12:07:38 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.11.06 18:23:24 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wu.default\extensions\plugin@yontoo.com
[2011.11.06 18:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions
[2010.12.28 14:46:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.01 22:18:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.16 15:37:20 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.11.06 18:23:24 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\ADMIN.Ace\AppData\Roaming\mozilla\Firefox\Profiles\wvfcx3wuxxxxx.defaultx\extensions\plugin@yontoo.com
[2010.08.27 23:04:54 | 000,000,943 | ---- | M] () -- C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\searchplugins\conduit.xml
[2010.11.03 20:53:19 | 000,001,196 | ---- | M] () -- C:\Users\ADMIN.Ace\AppData\Roaming\Mozilla\Firefox\Profiles\wvfcx3wu.default\searchplugins\winamp-search.xml
[2012.03.29 12:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 12:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.12 21:57:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.29 12:21:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.03.31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.03.12 21:57:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 21:57:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 21:57:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 21:57:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 21:57:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 21:57:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-826733488-1499186410-3467009736-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-826733488-1499186410-3467009736-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-7IDC5.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk =  File not found
F3:64bit: - HKU\S-1-5-21-826733488-1499186410-3467009736-1003 WinNT: Load - (C:\Users\ADMIN.Ace\AppData\Roaming\CEB8E\lvvm.exe) -  File not found
F3 - HKU\S-1-5-21-826733488-1499186410-3467009736-1003 WinNT: Load - (C:\Users\ADMIN.Ace\AppData\Roaming\CEB8E\lvvm.exe) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN.Ace\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN.Ace\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.92.86 62.109.123.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF837FD0-1A65-4B8C-8C4C-667202EE7D06}: DhcpNameServer = 213.191.92.86 62.109.123.7
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-826733488-1499186410-3467009736-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-826733488-1499186410-3467009736-1003 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 21:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.08.08 20:54:17 | 000,000,000 | ---D | C] -- C:\Users\ADMIN.Ace\AppData\Roaming\Malwarebytes
[2012.08.08 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.08 20:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 20:54:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.08 20:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.04 12:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC92180D040D00001731F875F002
[2005.07.04 17:35:43 | 000,155,648 | ---- | C] (Illustrate) -- C:\Program Files\WMA8Connect.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.11 13:01:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 12:46:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 11:39:32 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 11:38:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 11:38:45 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 11:31:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 11:31:05 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 09:43:00 | 000,711,240 | ---- | M] () -- C:\Windows\is-7IDC5.exe
[2012.08.11 09:43:00 | 000,012,842 | ---- | M] () -- C:\Windows\is-7IDC5.msg
[2012.08.11 09:43:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 09:43:00 | 000,000,429 | ---- | M] () -- C:\Windows\is-7IDC5.lst
[2012.08.02 20:46:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.02 20:46:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.27 20:39:04 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 20:39:04 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 20:39:04 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 20:39:04 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 20:39:04 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 21:26:03 | 000,317,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.11 09:43:00 | 000,711,240 | ---- | C] () -- C:\Windows\is-7IDC5.exe
[2012.08.11 09:43:00 | 000,012,842 | ---- | C] () -- C:\Windows\is-7IDC5.msg
[2012.08.11 09:43:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 09:43:00 | 000,000,429 | ---- | C] () -- C:\Windows\is-7IDC5.lst
[2011.07.14 22:34:06 | 000,000,309 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2011.04.20 21:05:29 | 000,002,849 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2010.12.28 19:41:23 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.16 15:07:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.06 14:22:11 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2005.07.04 17:35:43 | 001,309,668 | ---- | C] () -- C:\Program Files\Line-In.pdf
[2005.07.04 17:35:43 | 000,138,240 | ---- | C] () -- C:\Program Files\vorbis.dll
[2005.07.04 17:35:43 | 000,064,000 | ---- | C] () -- C:\Program Files\vorbisenc.dll
[2005.07.04 17:35:43 | 000,044,863 | ---- | C] () -- C:\Program Files\German.lng
[2005.07.04 17:35:43 | 000,043,771 | ---- | C] () -- C:\Program Files\Italian.lng
[2005.07.04 17:35:43 | 000,042,533 | ---- | C] () -- C:\Program Files\Spanish.lng
[2005.07.04 17:35:43 | 000,011,776 | ---- | C] () -- C:\Program Files\vorbisfile.dll
[2005.07.04 17:35:43 | 000,009,216 | ---- | C] () -- C:\Program Files\ogg.dll
[2005.07.04 17:35:42 | 000,899,072 | ---- | C] () -- C:\Program Files\audiograbber.exe
[2005.07.04 17:35:42 | 000,178,412 | ---- | C] () -- C:\Program Files\Erste_Schritte.pdf
[2005.07.04 17:35:42 | 000,046,092 | ---- | C] () -- C:\Program Files\French.lng
[2005.07.04 17:35:42 | 000,036,352 | ---- | C] () -- C:\Program Files\ag12full.dll
[2005.07.04 17:35:42 | 000,004,768 | ---- | C] () -- C:\Program Files\audiograbber.ini
[2005.07.04 17:35:42 | 000,000,760 | ---- | C] () -- C:\Program Files\audiograbber.apr
[2005.07.04 17:35:42 | 000,000,386 | ---- | C] () -- C:\Program Files\Auto.Nam
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

--- --- ---

Und defoger

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:53 on 11/08/2012 (ADMIN)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

und Extra.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 11.08.2012 13:22:29 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 56,15% Memory free
7,36 Gb Paging File | 5,59 Gb Available in Paging File | 75,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292,10 Gb Total Space | 230,62 Gb Free Space | 78,95% Space Free | Partition Type: NTFS
Drive E: | 290,97 Gb Total Space | 50,99 Gb Free Space | 17,53% Space Free | Partition Type: NTFS
 
Computer Name: ACE | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = Regedit.Document] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F162CA-A719-41BE-A80B-8B8C6B165450}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{03C8940B-1479-4298-8AB6-2279C7B4C66E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2967A918-928F-4F46-90ED-E9CB5D3270C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39E3F726-4971-40D8-BC06-61E5FB619050}" = rport=138 | protocol=17 | dir=out | app=system | 
"{480C013A-6AA4-44B8-8931-FEE10CCAAD8B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{57A7B0DF-6281-4C36-A938-20F3A94693A2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5ACE66B5-6375-4356-AC79-B2F64433E72C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D080C0F-5A3B-4FC0-B75B-1E86496896FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{629D1B6C-7B8A-4D61-BD72-C8A9302C9440}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6D203CBA-71F8-4C32-ACF5-BFECDA58BCD6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F16D5E1-7357-4C02-9D30-3C6ECC17A008}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7CE94DFB-58A9-4105-AABF-402FA8BB9640}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8A6C497C-B7C6-42E1-B018-4EAE30BED61E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{96F5E45E-6DC2-4200-A3B4-23401675F068}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9FDDB417-5255-4686-AABF-54CA23259E7A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A2B97CC1-869D-4D81-BA96-15C498D02B7A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A47C06F1-99CA-4C3A-BAB6-3385327DDDD0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AA060057-87B6-4411-BD42-416548EAAE50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ACBC417F-0D0F-43EF-BEF8-70E8E4AFF14A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C480AE4A-31E4-4DCC-B131-71865772FE89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D282AA03-1722-4792-968B-46F0E39EE813}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D6E0D3FE-9844-4BFF-9DE4-950824FE9C04}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E2AB02EB-EF3A-4451-9D02-FC85141F6004}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D9E77-1B23-47FD-AAA0-BD3FF8B1F251}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{01734965-6C8C-4C9E-B9C7-559C222B5BEB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{03D5296B-D012-4A51-AB93-F5E0DB526BD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05C0FECD-C84D-46EC-B5DC-E85D812664D7}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{0796E8DB-C9DE-49BF-9CAE-306A3B9843AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{07CF42C1-30ED-4641-998B-E01B28C389C6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{07E1688E-7BEE-4F34-9A81-82B497944634}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0C294ED9-9440-4219-9B50-64BF3A003F93}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{0F588178-0D21-445E-AD06-07A6D6CEF6EC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{111980B3-EFDC-451C-BF37-92EB400F10AC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{1EB88F01-3BF1-42D9-9BBD-4B410F4FCA43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{24B9E41A-64F0-429A-B246-BE0004918E8D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | 
"{24CEBE0F-6C9B-472D-AAB8-A5893CA82CEE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{27AB679F-61EA-4777-9AB4-C827A41F4E44}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2A30B85F-11AC-47C0-B8FC-B9D232D4AFCB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2A4C0F40-BA20-4FEA-8CF6-14D2D4CAB366}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{30A0A0A3-8DED-40AB-9406-59A2A859E20A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | 
"{34C8C29C-C306-441F-A050-B5A421C36F24}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | 
"{42119257-40A0-493E-8033-58CD6EBBF328}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E20C565-7C9E-450D-904F-DCEF93B46142}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{53419AF4-9BB5-4623-8F73-9C94A9A3B8E8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{5543EA98-5905-4193-9C13-4926B1DB6AE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{55742FA4-8CFA-42D5-A103-F5A7D3AE412B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{596C39E4-9B9B-44AC-B709-169D0AE694BE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | 
"{5DB28E35-2292-4789-8FA0-EF1856FDEFEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6167FE01-FB59-4E49-A966-015202F2BBD8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6651C800-0C7A-4CD2-9609-AEC479C0CB98}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | 
"{6DE96EE8-36E9-48FB-97B3-CA9F66E7B09F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{7828F567-91FC-47D3-AA97-70405C97CF44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8405B79F-5ACB-4C72-A5AE-D0A8300F9F36}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{84A81CC9-5346-415C-9ADB-739DCF15AF06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{91FD15A3-F8C8-4EE4-ADEC-444C7D68C595}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{95BFDA5C-08B0-4E9F-9D7B-EE080FD64946}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{96ECD0A3-F4EF-437B-B460-1FAA91BF5F47}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{978CD252-4E47-4021-805F-A247F2BD23FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{992A53D3-61A0-4566-A4AD-7D054F7DE3F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A2563E8E-A3F9-4557-A8D1-C750C03103E8}" = protocol=6 | dir=out | app=system | 
"{A5ADF130-5D3A-4D4A-B5EF-0BBD564B1808}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ADAA9197-8D6E-4FD1-9D85-03A6FAE7EBFD}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | 
"{BA1222D5-2117-4200-9FED-89E1C8AB9876}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CC4196B4-3025-4A02-A643-BBD91DB74576}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CD6D6FE6-7E7C-4A4F-AE8C-814992C2FC14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3BD58B8-CD81-4059-B7EC-CF920161B0BA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D4144E06-18F0-4A79-BF44-4F4180694793}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{DC00BFEC-99BA-49BF-8046-15F3042273F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{DF3F6F79-B0E1-4EB6-9EA5-2F0582453129}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E56CA456-39EA-43A0-B93D-5828E001D370}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA342400-2221-4E5D-BF44-6C983D1301A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD8D9306-7AEC-494F-80FE-DC485C3EEAD6}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"TCP Query User{2BBE7102-4E75-4C4D-9ED4-24A803DE68DB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{659ECFF9-7C52-4DC2-B5CA-1B6A542D8B30}C:\users\****\appdata\roaming\ikfago\ikete.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\ikfago\ikete.exe | 
"TCP Query User{6A755F6B-9AC8-4C52-A551-0E064F84F41C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{1F16B195-D9CE-4F33-A61D-B629F3A5554D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{4F6772EA-2F1A-41EB-92FF-8D430D4CB772}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{F11F6807-719D-4EAF-BCB1-C9FD9BC8CDE9}C:\users\****\appdata\roaming\ikfago\ikete.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\ikfago\ikete.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9822326F-410C-96A5-2F58-65E58F65D63B}" = ccc-utility64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5816A09-786E-C91D-3D99-8A8C92648750}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B148875-7C4D-A5A7-79FA-82D679939663}" = CCC Help Danish
"{0D49143F-5710-6EAF-986F-86306C54D9F7}" = CCC Help Dutch
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0DCE424F-F4A8-A3EA-3416-7A4CA189A164}" = CCC Help Czech
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{193B70F8-D757-B1D6-B2B0-826E92D889CC}" = CCC Help Polish
"{1E49D2F5-18C5-4097-B30B-9AC73168B5E9}" = Acer 3G Connection Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23640476-5D3A-F071-A40F-345E16C91301}" = CCC Help Hungarian
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{39BE50E7-8059-C383-D8D0-3EC7B9A0B2C2}" = CCC Help Turkish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4394B319-1CA6-9535-5A97-3407DE7B2865}" = CCC Help Chinese Traditional
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E242AB2-86A7-4231-82A9-1E4226D23CA8}" = Catalyst Control Center - Branding
"{4E2AC91C-090D-C0BE-98E0-35480A693D53}" = CCC Help Russian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59A58CB1-5177-4AF7-DC09-886DC5175561}" = CCC Help Thai
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B70AFEB-18E9-0BBA-C876-50E61D2F1585}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BBEA5FB-5BDA-5568-F370-66934F5862F8}" = Catalyst Control Center Graphics Light
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C3E29B2-038E-312D-938C-DED2C6451411}" = CCC Help German
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800E5862-A2A2-B903-6B6E-660F5DFB1BFF}" = CCC Help Norwegian
"{804D666C-1FB8-F116-358B-15F297113547}" = CCC Help English
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90497F91-64AA-6732-266E-4B7023989E5C}" = ccc-core-static
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A990CB5E-6951-12C0-6B29-4C0102E80827}" = CCC Help Portuguese
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{ABC74AD3-8488-2D59-71CA-FE1FDBD99293}" = CCC Help Greek
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B399B936-CDED-C8E5-D621-E6323855CF5B}" = Catalyst Control Center Graphics Full New
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{BE985F96-BFD5-BCE2-97F6-B73BBF122943}" = CCC Help Japanese
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C314EA94-9FAF-969D-544F-816FE102EAFD}" = Catalyst Control Center InstallProxy
"{C40DCE3C-E042-2DEE-4F77-8725E18BAE17}" = CCC Help Spanish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{D1F8C3EA-8274-90C1-460B-EE2DFA7B492B}" = CCC Help French
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E573FE55-5A89-F7CC-0A00-A9E79BB20C3B}" = CCC Help Finnish
"{E75093FD-D74A-D7D0-AE15-BA89B30D9E54}" = Catalyst Control Center Localization All
"{E92EAA89-9597-E7DF-6EB6-F21655D245F2}" = Catalyst Control Center Graphics Previews Vista
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEEDE742-915B-2D3F-5763-E7375BE7B144}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9B82B36-5FC0-1E0D-0D56-066D1EDAC9E8}" = Catalyst Control Center Graphics Full Existing
"{FC3CCF4F-ABE4-1CF6-347B-DEAFC9D82F1C}" = Catalyst Control Center Core Implementation
"{FC4AAE94-A221-0725-4FD8-56262B0262BA}" = CCC Help Italian
"{FFAC99FD-DDF8-E138-E8F4-538B639C6984}" = CCC Help Swedish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 5.0.6.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.66
"Hydrogen" = Hydrogen
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Mp3tag" = Mp3tag v2.46a
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PSPad editor_is1" = PSPad editor
"SimpleOCR 3.1" = SimpleOCR 3.1
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-826733488-1499186410-3467009736-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2012 06:41:15 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.06.2012 06:41:15 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 74552035
 
Error - 16.06.2012 06:41:15 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 74552035
 
Error - 16.06.2012 06:53:33 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.06.2012 06:53:34 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 57565
 
Error - 16.06.2012 06:53:34 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57565
 
Error - 19.06.2012 12:41:12 | Computer Name = Ace | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 20.06.2012 11:29:41 | Computer Name = Ace | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wbengine.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce79951  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004e4b4
ID
 des fehlerhaften Prozesses: 0x12e4  Startzeit der fehlerhaften Anwendung: 0x01cd4e3af9357a44
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\wbengine.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c09ec532-baec-11e1-9adc-001e101f8aaa
 
Error - 20.06.2012 12:41:26 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.06.2012 12:41:26 | Computer Name = Ace | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1108
 
[ Media Center Events ]
Error - 01.01.2011 14:42:13 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 19:42:09 - Fehler beim Herstellen der Internetverbindung.  19:42:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 31.01.2011 16:47:58 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 21:47:49 - Fehler beim Herstellen der Internetverbindung.  21:47:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2011 16:22:50 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 22:22:50 - Fehler beim Herstellen der Internetverbindung.  22:22:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.07.2011 16:23:03 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 22:22:56 - Fehler beim Herstellen der Internetverbindung.  22:22:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.07.2011 04:03:15 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 10:03:15 - Fehler beim Herstellen der Internetverbindung.  10:03:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.07.2011 04:03:32 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 10:03:21 - Fehler beim Herstellen der Internetverbindung.  10:03:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.08.2011 16:11:12 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 22:11:12 - Fehler beim Herstellen der Internetverbindung.  22:11:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.08.2011 16:11:32 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 22:11:18 - Fehler beim Herstellen der Internetverbindung.  22:11:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 05:52:20 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 11:52:19 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 05.09.2011 05:53:01 | Computer Name = Ace | Source = MCUpdate | ID = 0
Description = 11:52:27 - Fehler beim Herstellen der Internetverbindung.  11:52:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 08.08.2012 16:14:16 | Computer Name = Ace | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.08.2012 00:31:15 | Computer Name = Ace | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 09.08.2012 00:31:15 | Computer Name = Ace | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 09.08.2012 15:16:37 | Computer Name = Ace | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 09.08.2012 15:16:37 | Computer Name = Ace | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 11.08.2012 03:11:03 | Computer Name = Ace | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.100
 mit dem Computer mit der  Netzwerkhardwareadresse 00-21-63-73-6F-77 ermittelt. Netzwerkvorgänge
 könnten daher auf diesem  System unterbrochen werden.
 
Error - 11.08.2012 03:44:12 | Computer Name = Ace | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.08.2012 03:44:12 | Computer Name = Ace | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
Error - 11.08.2012 05:31:15 | Computer Name = Ace | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ZoneAlarm Toolbar ISWKL" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.08.2012 05:31:15 | Computer Name = Ace | Source = Service Control Manager | ID = 7001
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist vom Dienst "ZoneAlarm Toolbar
 ISWKL" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%3
 
 
< End of report >

--- --- ---

Hier noch ein Antivir-Log

Code:

ATTFilter


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 11. August 2012  16:06

Es wird nach 4089295 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ACE

Versionsinformationen:
BUILD.DAT      : 12.0.0.1167    40870 Bytes  18.07.2012 19:07:00
AVSCAN.EXE     : 12.3.0.33     468472 Bytes  08.08.2012 18:41:51
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  18.05.2012 20:26:32
LUKE.DLL       : 12.3.0.15      68304 Bytes  18.05.2012 20:26:32
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  18.05.2012 20:26:32
AVREG.DLL      : 12.3.0.17     232200 Bytes  18.05.2012 20:26:32
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 10:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:36:19
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:52:10
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 22:11:54
VBASE006.VDF   : 7.11.34.117     2048 Bytes  29.06.2012 22:11:54
VBASE007.VDF   : 7.11.34.118     2048 Bytes  29.06.2012 22:11:55
VBASE008.VDF   : 7.11.34.119     2048 Bytes  29.06.2012 22:11:55
VBASE009.VDF   : 7.11.34.120     2048 Bytes  29.06.2012 22:11:55
VBASE010.VDF   : 7.11.34.121     2048 Bytes  29.06.2012 22:11:55
VBASE011.VDF   : 7.11.34.122     2048 Bytes  29.06.2012 22:11:55
VBASE012.VDF   : 7.11.34.123     2048 Bytes  29.06.2012 22:11:55
VBASE013.VDF   : 7.11.34.124     2048 Bytes  29.06.2012 22:11:55
VBASE014.VDF   : 7.11.38.18   2554880 Bytes  30.07.2012 17:12:38
VBASE015.VDF   : 7.11.38.70    556032 Bytes  31.07.2012 17:12:39
VBASE016.VDF   : 7.11.38.143   171008 Bytes  02.08.2012 18:05:28
VBASE017.VDF   : 7.11.38.221   178176 Bytes  06.08.2012 18:41:47
VBASE018.VDF   : 7.11.39.37    168448 Bytes  08.08.2012 18:41:47
VBASE019.VDF   : 7.11.39.89    131072 Bytes  09.08.2012 19:21:46
VBASE020.VDF   : 7.11.39.90      2048 Bytes  09.08.2012 19:21:46
VBASE021.VDF   : 7.11.39.91      2048 Bytes  09.08.2012 19:21:46
VBASE022.VDF   : 7.11.39.92      2048 Bytes  09.08.2012 19:21:46
VBASE023.VDF   : 7.11.39.93      2048 Bytes  09.08.2012 19:21:46
VBASE024.VDF   : 7.11.39.94      2048 Bytes  09.08.2012 19:21:46
VBASE025.VDF   : 7.11.39.95      2048 Bytes  09.08.2012 19:21:47
VBASE026.VDF   : 7.11.39.96      2048 Bytes  09.08.2012 19:21:47
VBASE027.VDF   : 7.11.39.97      2048 Bytes  09.08.2012 19:21:47
VBASE028.VDF   : 7.11.39.98      2048 Bytes  09.08.2012 19:21:47
VBASE029.VDF   : 7.11.39.99      2048 Bytes  09.08.2012 19:21:47
VBASE030.VDF   : 7.11.39.100     2048 Bytes  09.08.2012 19:21:47
VBASE031.VDF   : 7.11.39.136    88064 Bytes  10.08.2012 20:38:50
Engineversion  : 8.2.10.132
AEVDF.DLL      : 8.1.2.10      102772 Bytes  12.07.2012 19:31:37
AESCRIPT.DLL   : 8.1.4.42      459129 Bytes  09.08.2012 19:21:50
AESCN.DLL      : 8.1.8.2       131444 Bytes  28.01.2012 09:16:44
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 16:20:50
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.3.0.24      811381 Bytes  08.08.2012 18:41:49
AEOFFICE.DLL   : 8.1.2.42      201083 Bytes  20.07.2012 07:55:38
AEHEUR.DLL     : 8.1.4.86     5165429 Bytes  09.08.2012 19:21:50
AEHELP.DLL     : 8.1.23.2      258422 Bytes  28.06.2012 22:11:51
AEGEN.DLL      : 8.1.5.34      434548 Bytes  20.07.2012 07:54:08
AEEXP.DLL      : 8.1.0.74       86387 Bytes  04.08.2012 07:29:13
AEEMU.DLL      : 8.1.3.2       393587 Bytes  12.07.2012 19:31:36
AECORE.DLL     : 8.1.27.4      201078 Bytes  08.08.2012 18:41:49
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  18.05.2012 20:26:31
AVPREF.DLL     : 12.3.0.15      51920 Bytes  18.05.2012 20:26:32
AVREP.DLL      : 12.3.0.15     179208 Bytes  18.05.2012 20:26:32
AVARKT.DLL     : 12.3.0.15     211408 Bytes  18.05.2012 20:26:32
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  18.05.2012 20:26:32
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  18.05.2012 20:26:32
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 18:41:51
NETNT.DLL      : 12.3.0.15      17104 Bytes  18.05.2012 20:26:32
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 18:41:46
RCTEXT.DLL     : 12.3.0.31     100088 Bytes  08.08.2012 18:41:46

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, Q:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 11. August 2012  16:06

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Q:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'keepass.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeePassPortable.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'Defogger.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'OTL.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'EgisUpdate.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMworker.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupManagerTray.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'PmmUpdate.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PLFSetI.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'mwlDaemon.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'UpdaterService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RS_Service.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'IScheduleSvc.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'GREGsvc.exe' - '11' Modul(e) wurden durchsucht
Durchsuche Prozess 'dsiwmis.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\Hydrogen\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '3074' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Acer>
C:\Program Files (x86)\Hydrogen\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
Beginne mit der Suche in 'E:\' <Daten>
E:\ACE\Backup Set 2011-11-06 163230\Backup Files 2011-11-06 190024\Backup files 1.zip
  [0] Archivtyp: ZIP
  --> C/Users/ADMIN.Ace/Desktop/PageRage-SilentInstaller.exe
      [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
  --> C/Users/ADMIN.Ace/Desktop/PageRage-SilentInstaller[1].exe
      [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
E:\ACE\Backup Set 2012-07-29 190002\Backup Files 2012-08-08 204849\Backup files 1.zip
  [0] Archivtyp: ZIP
  --> C/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/31/3b67909f-165fab30
      [FUND]      Ist das Trojanische Pferd TR/Fakealert.urx
  --> C/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/37/23b4b8a5-5e4910df
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.FC
    --> O1.class
        [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.FC
    --> O2.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.CT
    --> O3.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.CU
  --> C/Users/****/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/39/27bc9327-41055128
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.FC
    --> O1.class
        [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.FC
    --> O2.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.CT
    --> O3.class
        [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.CU
E:\Downloads\avira_free_antivirus_de(2).exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
E:\Downloads\avira_free_antivirus_de(3).exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
E:\Downloads\avira_free_antivirus_de(4).exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
E:\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]   Die Datei ist kennwortgeschützt
E:\Downloads\Various - This Is Psychobilly.part01.rar
  [WARNUNG]   Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt  (multiple volume)
E:\****\Zeugs\cdex_151.exe
  [WARNUNG]   Die komprimierten Daten sind fehlerhaft
Beginne mit der Suche in 'Q:\'
Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden!
Systemfehler [5]: Zugriff verweigert

Beginne mit der Desinfektion:
E:\ACE\Backup Set 2012-07-29 190002\Backup Files 2012-08-08 204849\Backup files 1.zip
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-1723.CU
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '556c2151.qua' verschoben!
E:\ACE\Backup Set 2011-11-06 163230\Backup Files 2011-11-06 190024\Backup files 1.zip
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dfb0ec0.qua' verschoben!


Ende des Suchlaufs: Samstag, 11. August 2012  18:41
Benötigte Zeit:  2:33:41 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35204 Verzeichnisse wurden überprüft
 2039798 Dateien wurden geprüft
     11 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 2039787 Dateien ohne Befall
  16197 Archive wurden durchsucht
      8 Warnungen
      2 Hinweise
 627682 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

t'john · 22.08.2012, 01:08

Ist das Problem noch aktuell?

t'john · 05.10.2012, 23:55

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Pechvogel44 · 06.10.2012, 12:25

Zitat:

Zitat von t'john

Fehlende Rückmeldung

Sorry - hat sich erledigt. Aber danke der Nachfrage!

22.08.2012, 01:08	#3
t'john /// Helfer-Team	Live Security Platinum - muss ich meinen Computer neu aufsetzen? Ist das Problem noch aktuell? __________________ __________________

Live Security Platinum - muss ich meinen Computer neu aufsetzen?

Plagegeister aller Art und deren Bekämpfung: Live Security Platinum - muss ich meinen Computer neu aufsetzen?