Virus: Durch das System der automatischen Informationskontrolle wurde Ihr Computer gesperrt.

Perth · 11.08.2012, 11:58

Hallo, gestern, als ich im Internet surfte wurde von einer Sekunde auf die andere der Bildschirm weiß und es kam die Meldung: "Durch das System der automatischen Informationskontrolle wurde Ihr Computer gesperrt." Rechts oben erscheint das Logo der österreichischen Bundespolizei. Es werden auch einige Gründe benannt, z.B. dass man sich verbotene Websites angesehen habe. Es wird verlangt, dass man 100 € bezahlen soll. Die Bezahlung soll mittles eines Programms namens Ukash erfolgen. Wenn man den Computer abdreht und danach wieder aufdreht, kommt das selbe nochmal. Man kann das Fenster nicht schließen und es füllt den ganzen Bildschirm aus. Man kann noch mit Strg. + Alt. + Entf. den Task-Manager aufrufen, jedoch schließt sich dieser nach einpar Sekunden wieder und man kann ihn nicht nocheinmal aufrufen.
Ich habe daraufhin mit einem anderen Computer im Internet recherchiert, um sicherzugehen, dass es sich "nur" um eine Art Virus handelt. Dadurch bin ich auf eure Internetseite gestoßen, wo andere User ähnliche Probleme beschrieben. Außerdem las ich auf eurer Seite, dass man auf keinen Fall die Anweisungen, die ihr einem anderen User gegeben habt, der ein ähnliches Problem hat, einfach auch ausführen soll, auch wenn es noch so offensichtlich erscheint, dass es das selbe Problem ist, da jedes Problem individuell behandelt werden muss. Hier habe ich auch gelesen, dass ein anderer User in den sicheren Modus gelangen konnte, indem er auf F8 drückte nach dem einschalten, und dass sein Computer in diesem Modus mehr oder weniger funktionierte. Ich habe das bei meinem Computer ausprobiert und es hat auch bei mir funktioniert. Daraufhin habe ich erst einmal einen vollständigen Systemscan mit meinem Antivirenprogramm "Norton Internet Security" ausgeführt. Das Programm fand und behob jedoch nur 8 Tracking-Cookies. Die Meldung, dass mein Computer gesperrt sei, erschien immernoch, wenn ich den Computer normal startete. Daraufhin beschloss ich diesen Beitrag zu schreiben. Ich habe schon alle Vorbereitung getroffen, die im Artikel " Was muß ich vor meinem ersten Thema beachten?" beschrieben sind. Ich werde nun den Inhalt der Dateien OTL.txt, Extras.txt und Gmer.log hier einfügen:

OTL.txt:

OTL logfile created on: 11.08.2012 09:21:33 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Kuchner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,17% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 4,88 Gb Free Space | 3,40% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 140,09 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: KUCHNER-PC | User Name: Kuchner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.11 09:20:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kuchner\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.02.04 14:29:02 | 000,688,128 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.08.02 19:03:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.21 12:14:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.01 11:13:23 | 000,935,008 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.27 10:39:14 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Programme\tele.ring Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.10.16 18:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 17:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.02.25 10:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.20 12:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.11.27 19:54:36 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.11.22 10:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.10.01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.09.20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.09.10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012.08.10 10:21:38 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.06.19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.06.14 20:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120809.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.05.16 11:28:45 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120809.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 11:28:45 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120809.033\NAVENG.SYS -- (NAVENG)
DRV - [2012.03.29 08:28:37 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012.03.29 08:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012.03.29 08:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX)
DRV - [2012.03.27 14:07:06 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys -- (SymDS)
DRV - [2009.07.27 10:35:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.07.27 10:35:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.07.27 10:35:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.07.27 10:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.27 10:13:28 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.07.27 10:13:28 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.11.17 08:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.05.08 19:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.03.11 04:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.15 18:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.24 04:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008.01.24 04:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2008.01.04 18:15:08 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.10.31 04:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.09 15:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.07.03 11:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007.06.26 14:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.03.30 14:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2001.05.07 12:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\prxtbMes0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRYYYYYYYYAT&ptb=5l9.tCtKHUypw.ylYFOdWQ&psa=&ind=2010121314&ptnrS=GRYYYYYYYYAT&si=&st=sb&n=77d00462&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={B4817BA2-5E7B-4CF8-A560-960918E4780B}&mid=3d65530e946a4de28f7d8b047c3c9ffd-1418a610af877fbadf1c1f2caaa037733d1aad23&lang=de&ds=hk011&pr=sa&d=2012-07-01 11:13:24&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}: "URL" = hxxp://www.plusnetwork.com/s/?q={searchTerms}&iesrc={referrer:source?}
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRYYYYYYYYAT&ptb=5l9.tCtKHUypw.ylYFOdWQ&psa=&ind=2010121314&ptnrS=GRYYYYYYYYAT&si=&st=sb&n=77d00462&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={B4817BA2-5E7B-4CF8-A560-960918E4780B}&mid=3d65530e946a4de28f7d8b047c3c9ffd-1418a610af877fbadf1c1f2caaa037733d1aad23&lang=de&ds=hk011&pr=sa&d=2012-07-01 11:13:24&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2124320
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.06 18:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\tele.ring Internet Manager\addon [2011.03.26 20:48:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.01 14:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.08.10 16:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.01 11:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 12:14:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.09 06:40:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 12:14:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.09 06:40:21 | 000,000,000 | ---D | M]

[2009.03.06 23:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuchner\AppData\Roaming\mozilla\Extensions
[2012.08.01 11:54:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuchner\AppData\Roaming\mozilla\Firefox\Profiles\be794mzi.default\extensions
[2010.10.14 13:10:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kuchner\AppData\Roaming\mozilla\Firefox\Profiles\be794mzi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.16 11:39:58 | 000,000,000 | ---D | M] (Messenger Plus Live Community Toolbar) -- C:\Users\Kuchner\AppData\Roaming\mozilla\Firefox\Profiles\be794mzi.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2011.11.17 15:33:39 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Kuchner\AppData\Roaming\mozilla\Firefox\Profiles\be794mzi.default\extensions\bbrs_002@blabbers.com
[2011.03.24 17:44:45 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kuchner\AppData\Roaming\mozilla\Firefox\Profiles\be794mzi.default\extensions\engine@conduit.com
[2011.11.17 15:33:35 | 000,000,000 | ---D | M] ("Messenger Plus! Community Smartbar") -- C:\Users\Kuchner\AppData\Roaming\mozilla\Firefox\Profiles\be794mzi.default\extensions\linkuryfirefoxremoteplugin@linkury.com
[2011.02.03 22:08:01 | 000,001,681 | ---- | M] () -- C:\Users\Kuchner\AppData\Roaming\Mozilla\Firefox\Profiles\be794mzi.default\searchplugins\ask.uk.xml
[2009.08.03 23:15:16 | 000,000,681 | ---- | M] () -- C:\Users\Kuchner\AppData\Roaming\Mozilla\Firefox\Profiles\be794mzi.default\searchplugins\ask.xml
[2011.11.17 15:33:37 | 000,002,314 | ---- | M] () -- C:\Users\Kuchner\AppData\Roaming\Mozilla\Firefox\Profiles\be794mzi.default\searchplugins\Messenger Plus Smartbar Search.xml
[2012.02.16 11:51:39 | 000,002,770 | ---- | M] () -- C:\Users\Kuchner\AppData\Roaming\Mozilla\Firefox\Profiles\be794mzi.default\searchplugins\Plusnetwork.xml
[2010.02.13 23:19:09 | 000,003,915 | ---- | M] () -- C:\Users\Kuchner\AppData\Roaming\Mozilla\Firefox\Profiles\be794mzi.default\searchplugins\sweetim.xml
[2012.07.09 06:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.09 06:40:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.01 11:54:31 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\KUCHNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BE794MZI.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011.03.29 07:13:37 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\KUCHNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BE794MZI.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.07.21 12:14:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.22 09:19:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.01 11:13:19 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.22 09:19:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 09:19:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 09:19:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 09:19:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 09:19:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Kuchner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\prxtbMes0.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\prxtbMes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\prxtbMes0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\tele.ring Internet Manager\UIExec.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cbjppvgvirarlni] C:\ProgramData\cbjppvgv.exe ()
O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Users\Kuchner\AppData\Local\Linkury\Application\Linkury.exe ()
O4 - HKCU..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kuchner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Kuchner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15193D43-6F28-4AEA-8BC1-D5C248AD6770}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2449DB81-A7B2-4EA8-BCC3-72EF2740B456}: DhcpNameServer = 213.162.69.170 213.162.65.2
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kuchner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kuchner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b0d7f52-75a3-11e1-ab67-974a4346670a}\Shell - "" = AutoRun
O33 - MountPoints2\{4b0d7f52-75a3-11e1-ab67-974a4346670a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{7b0ec6ca-e978-11dd-acc9-d35f70ccfb6c}\Shell - "" = AutoRun
O33 - MountPoints2\{7b0ec6ca-e978-11dd-acc9-d35f70ccfb6c}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.11 09:20:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kuchner\Desktop\OTL.exe
[2012.08.10 15:05:48 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.08.10 14:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\zmxvbiqhimtcwjh
[2012.08.10 12:30:49 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{B98A35F6-7A40-43CD-A92F-010AA2FC7159}
[2012.08.10 12:30:39 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{1AC8C684-F94A-4898-B82A-73440B557497}
[2012.08.07 10:11:34 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{7FAABA25-BAD2-4A28-9E4C-6668F17A4EE2}
[2012.08.07 10:11:24 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{7A1C56BD-35EC-4B8C-81AE-0B4B2396671B}
[2012.08.06 12:46:49 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{900A2479-C378-4E97-BC83-B965AAAB6DDA}
[2012.08.06 12:46:24 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{2AB0455A-6C90-495C-84CC-950A515EB9C9}
[2012.08.06 09:53:00 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{D8D4CFA8-87D7-428F-A4EB-2A8018DC871B}
[2012.08.04 16:58:03 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{660806D7-D25B-4461-A9E7-F37CB0375779}
[2012.08.04 16:57:52 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{A2D1A43D-B145-4F94-A7EA-19A37AEEDE8E}
[2012.08.04 10:13:57 | 000,000,000 | ---D | C] -- C:\Log
[2012.08.04 10:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery-Home
[2012.08.04 10:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Windows Data Recovery - Home
[2012.08.03 07:57:54 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{77718D7F-140A-4DA4-93EE-8603040D9DDE}
[2012.08.03 07:57:43 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{3C6F0FD9-7D14-4B42-A002-E57BBCCCE2A1}
[2012.07.31 13:53:19 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{D0745C2B-4782-471D-9476-593AAF95082C}
[2012.07.31 13:53:00 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{71FA6085-D0E2-42C9-AF5C-5373BDE77A71}
[2012.07.31 11:42:08 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{C9695E60-C22D-45AE-94BD-9169F9FFEA43}
[2012.07.31 06:01:48 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{9C359BB8-A622-4225-926D-AAACF7A2440B}
[2012.07.30 05:38:02 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{C9B06779-A15B-4AD5-8CD6-2BB72ACB6855}
[2012.07.30 05:37:51 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{4E5DD349-2561-46D2-B331-7BC6B794B55C}
[2012.07.29 09:35:13 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{3DD2A755-7959-48C1-84E2-0016F3CFB57D}
[2012.07.29 09:35:03 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{7706037F-AA0B-4B95-B5D8-3F2F04B0BB65}
[2012.07.26 05:58:56 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{82BCBEFA-70B2-4325-A8D6-F89D72C4F65B}
[2012.07.26 05:58:46 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{6295B68C-E5AA-4E7D-B0ED-7C6606560FD1}
[2012.07.25 06:13:09 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{CCBF3809-DF73-4962-A063-0F1D23ABB558}
[2012.07.25 06:12:58 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{3509DC9F-4A13-4BA2-B52C-BC3BF3316495}
[2012.07.23 08:36:54 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{434F0372-7B9A-4512-9E65-2C5E7BA018B9}
[2012.07.23 08:36:44 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{67E50791-8056-4E03-8910-07F401088C00}
[2012.07.23 05:36:01 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{A720ADD5-F7E0-4A23-BFD8-94048063E1AD}
[2012.07.23 05:35:38 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{691F198F-5E10-4EBE-B9DC-DC2EA135B61B}
[2012.07.22 09:54:39 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{62E56EFA-FA23-4688-A02E-7F1D45154C24}
[2012.07.22 09:54:28 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{1AF68589-3A5C-41A9-9FE3-5946FB1F489B}
[2012.07.21 13:59:32 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{869DD70D-CFCB-48D7-B65D-DD15656864E5}
[2012.07.21 13:59:22 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{FA8B7773-9F68-4906-A9F4-E4DF491CB255}
[2012.07.18 09:26:24 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{59466291-6811-4B3A-BC7E-CB761D551375}
[2012.07.18 09:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{315397C8-3113-4766-90DB-5BB85B313C6B}
[2012.07.18 05:39:17 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{553862AD-EBE3-4482-B580-6E339C732C5B}
[2012.07.17 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{E34817FC-46A8-4258-B38D-B73E73FBDC71}
[2012.07.17 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{2186BC0E-F01C-4F7B-98BF-CBF3DDFDA5BC}
[2012.07.17 09:53:31 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{183407F1-AA4A-41A9-A122-98911A29F92B}
[2012.07.16 09:55:24 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{AC88C6F5-0AB4-4398-A3E4-88FC024608F0}
[2012.07.16 09:55:11 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{1B27B510-ADA7-4722-AE44-DAA2F5598C92}
[2012.07.15 14:27:20 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{243F384F-5823-4B66-AAC0-15ED0FD91463}
[2012.07.15 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{969D9E95-9DE8-420B-8492-130D9CA44098}
[2012.07.15 11:59:59 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{FC2F15F2-AAA6-4E6E-8188-A32948F925AE}
[2012.07.14 14:27:20 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{94DED6D3-4873-4557-A4A2-5A067900946A}
[2012.07.14 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{F540AD08-1086-4CD5-BF85-46D18D32E17E}
[2012.07.13 09:57:29 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{1E384D52-B562-4FF4-A6B3-452FA24D77F9}
[2012.07.13 09:57:06 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{76212AB4-97DA-4416-8089-2803396A2E55}
[2012.07.12 09:55:37 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{4CC26127-E081-4668-B9B0-D31944CE8666}
[2012.07.12 09:55:26 | 000,000,000 | ---D | C] -- C:\Users\Kuchner\AppData\Local\{3D9F9FB5-9B5E-44FE-987F-EBB7E602EF92}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Kuchner\AppData\Local\*.tmp files -> C:\Users\Kuchner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.11 09:20:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kuchner\Desktop\OTL.exe
[2012.08.11 09:12:08 | 000,000,000 | ---- | M] () -- C:\Users\Kuchner\defogger_reenable
[2012.08.11 09:09:21 | 000,050,477 | ---- | M] () -- C:\Users\Kuchner\Desktop\Defogger.exe
[2012.08.11 08:01:28 | 000,627,900 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 08:01:28 | 000,595,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 08:01:28 | 000,126,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 08:01:28 | 000,103,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.11 07:57:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 18:31:56 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.10 18:31:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 18:31:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 17:45:10 | 000,001,356 | ---- | M] () -- C:\Users\Kuchner\AppData\Local\d3d9caps.dat
[2012.08.10 16:40:16 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.10 14:50:39 | 000,000,051 | ---- | M] () -- C:\ProgramData\cihcadssefydrix
[2012.08.10 14:50:18 | 000,061,440 | ---- | M] () -- C:\Users\Kuchner\ms.exe
[2012.08.10 14:50:18 | 000,061,440 | ---- | M] () -- C:\ProgramData\cbjppvgv.exe
[2012.08.10 13:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.04 11:48:52 | 000,000,070 | ---- | M] () -- C:\Windows\spwdrhag.INI
[2012.08.04 10:13:36 | 000,001,060 | ---- | M] () -- C:\Users\Kuchner\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2012.08.04 10:06:14 | 000,000,009 | ---- | M] () -- C:\END
[2012.07.18 11:05:50 | 000,031,744 | ---- | M] () -- C:\Users\Kuchner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.13 05:43:22 | 000,320,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Kuchner\AppData\Local\*.tmp files -> C:\Users\Kuchner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.11 09:12:08 | 000,000,000 | ---- | C] () -- C:\Users\Kuchner\defogger_reenable
[2012.08.11 09:09:21 | 000,050,477 | ---- | C] () -- C:\Users\Kuchner\Desktop\Defogger.exe
[2012.08.10 14:50:39 | 000,061,440 | ---- | C] () -- C:\ProgramData\cbjppvgv.exe
[2012.08.10 14:50:33 | 000,000,051 | ---- | C] () -- C:\ProgramData\cihcadssefydrix
[2012.08.10 14:50:16 | 000,061,440 | ---- | C] () -- C:\Users\Kuchner\ms.exe
[2012.08.04 10:13:36 | 000,001,060 | ---- | C] () -- C:\Users\Kuchner\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2012.08.04 10:13:35 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhag.INI
[2012.08.04 10:06:13 | 000,000,009 | ---- | C] () -- C:\END
[2011.12.05 18:02:40 | 000,000,030 | ---- | C] () -- C:\Users\Kuchner\geonext.ini
[2011.06.16 21:06:47 | 000,003,094 | ---- | C] () -- C:\Users\Kuchner\AppData\Roaming\PData.MMM
[2011.06.16 21:06:47 | 000,003,094 | ---- | C] () -- C:\Users\Kuchner\AppData\Roaming\PData.MM1
[2010.10.20 12:59:09 | 000,001,940 | ---- | C] () -- C:\Users\Kuchner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.07.13 08:49:00 | 000,001,356 | ---- | C] () -- C:\Users\Kuchner\AppData\Local\d3d9caps.dat
[2009.02.20 20:33:26 | 000,000,600 | ---- | C] () -- C:\Users\Kuchner\AppData\Roaming\winscp.rnd
[2009.02.20 20:15:29 | 000,031,744 | ---- | C] () -- C:\Users\Kuchner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010.11.20 10:16:54 | 000,000,000 | -HSD | M] -- C:\Users\Kuchner\AppData\Roaming\.#
[2012.08.03 09:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\.minecraft
[2008.03.25 15:54:34 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\Acer GameZone Console
[2012.01.06 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\Artweaver Free
[2011.06.16 21:06:47 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\AUTOSICH
[2009.02.21 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\Azgard
[2009.02.20 22:52:48 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\Big Fish Games
[2012.07.24 14:10:14 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\BVS Solitaire Collection SE
[2009.03.13 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\FloodLightGames
[2010.11.20 10:10:34 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\iWin
[2010.02.05 19:34:13 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\mquadr.at
[2009.11.26 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\OpenOffice.org
[2010.01.13 22:35:42 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\PlayFirst
[2011.03.26 20:49:07 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\Program Files
[2011.05.15 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\Tific
[2010.06.26 23:41:04 | 000,000,000 | ---D | M] -- C:\Users\Kuchner\AppData\Roaming\uTorrent
[2012.08.10 16:16:58 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:532B5694
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E

< End of report >

Extras.txt:

OTL Extras logfile created on: 11.08.2012 09:21:33 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Kuchner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,17% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 4,88 Gb Free Space | 3,40% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 140,09 Gb Free Space | 99,85% Space Free | Partition Type: NTFS

Computer Name: KUCHNER-PC | User Name: Kuchner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061C8AAC-3C3D-4E93-8C5B-C0612741B517}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24B9BE47-167C-4984-9964-CBC507B59138}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{583129CA-A732-459B-BD10-4A07EDD7C637}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{99C4B8B3-7B35-4B8A-A9A9-D454205764C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F19E547-321B-4F3F-8663-290EF3035B47}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{122A8876-FA59-4AED-BCCE-E371CB5C8BE8}" = protocol=17 | dir=in | app=c:\program files\telekom austria\controller\aoncontroller.exe |
"{1B035899-E7C6-4680-9DBF-097CB0828772}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{262146AB-BBDB-4F02-9945-909E0752B9E6}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{2E2A9CBC-33D7-4306-872A-8C0B3D0785B8}" = protocol=17 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{45BD9A1C-280C-44E0-AD36-731012ACB8A5}" = protocol=6 | dir=in | app=c:\program files\telekom austria\controller\aoncontroller.exe |
"{60E6CBF8-4CA0-4C7C-B898-1ECB8534967B}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{84275B84-0B6C-453C-B4F8-510B4074320E}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{98DA95C4-316A-47BA-B23B-9FF24A2FEB55}" = protocol=6 | dir=in | app=c:\program files\telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{A1FEB69F-E3A2-46CC-8F11-62B0E5AD57F1}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{A4172B98-469A-454E-ADAE-37F5D2087EB5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B7DB47EC-02D5-43A7-BEB9-70078BE1C8B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC973743-7235-4237-A16D-5F2BBC9E1660}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{C7861AA6-22F4-4C6E-B4FD-865083C23C90}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{C9BA6B16-451C-4E8E-9F91-800704B8DA90}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{CDB866B5-1F9E-45F3-8DF3-41DE7E9CAD21}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{27459937-76C8-4CF2-B3D9-53B16B20BEDA}C:\users\kuchner\documents\meine empfangenen dateien\utorrent.exe" = protocol=6 | dir=in | app=c:\users\kuchner\documents\meine empfangenen dateien\utorrent.exe |
"TCP Query User{D58C77D3-153E-4452-844E-FC8C25C9C214}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3C403F0B-1857-4803-B0DC-F2B23EF6C4F1}C:\users\kuchner\documents\meine empfangenen dateien\utorrent.exe" = protocol=17 | dir=in | app=c:\users\kuchner\documents\meine empfangenen dateien\utorrent.exe |
"UDP Query User{928CA5BE-4C13-4DF7-A1B8-4185595470DF}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{15C91895-01D5-43A0-93FC-3B14F7B3BD7B}" = Messenger Plus! Community Smartbar
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire
"{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing
"{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional
"{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French
"{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian
"{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = DER HERR DER RINGE: DIE GEFÄHRTEN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian
"{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian
"{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek
"{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian
"{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish
"{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A92A322-1A10-4153-B551-D547AA9B4649}" = Die Legende von Kongo King
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D254568-0697-450C-B3A9-74B041068759}" = web'n'walk Manager
"{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian
"{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German
"{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese
"{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek
"{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11494470}" = Azgard Defence
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = tele.ring Internet Manager
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean
"{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard
"{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Vengeance
"{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation
"{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C1BC3E6F-B77B-46D9-A2D4-6849DFE139AF}" = VRC_Demo_v323_English
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins
"{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish
"{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard
"{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish
"{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish
"{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Ask Toolbar_is1" = Ask Toolbar
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AVG Secure Search" = AVG Security Toolbar
"BlablaMaker" = Blabla Maker
"BrowserCompanion" = BrowserCompanion
"BVS Solitaire Collection SE_is1" = BVS Solitaire Collection SE version 4.0
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Controller" = Controller
"Dehumanizer" = Dehumanizer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GEONExT_is1" = GEONExT 1.74
"Great Invasions_is1" = Great Invasions v1.03c
"GridVista" = Acer GridVista
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire
"InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60}" = DER HERR DER RINGE: DIE GEFÄHRTEN
"InstallShield_{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Vengeance
"LHTTSGED" = L&H TTS3000 Deutsch
"LManager" = Launch Manager
"Messenger Plus!" = Messenger Plus! 5
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"MessengerDiscovery 2.1_is1" = MessengerDiscovery 2.1.79
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"osu!" = osu!
"ProInst" = Intel PROSet Wireless
"RealPlayer 12.0" = RealPlayer
"Stellar Phoenix Windows Data Recovery-Home_is1" = Stellar Phoenix Windows Data Recovery-Home
"SYBEX Power Sudoku_is1" = SYBEX Power Sudoku
"SYBEX Spieltrieb TetriX" = SYBEX Spieltrieb TetriX 1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.8
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineFestplatte" = aon Online Festplatte (entfernen)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.08.2012 10:45:21 | Computer Name = Kuchner-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 10.08.2012 10:45:21 | Computer Name = Kuchner-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 10.08.2012 10:45:21 | Computer Name = Kuchner-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 10.08.2012 10:45:24 | Computer Name = Kuchner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.08.2012 10:49:05 | Computer Name = Kuchner-PC | Source = EventSystem | ID = 4609
Description =

Error - 10.08.2012 10:50:09 | Computer Name = Kuchner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.08.2012 12:11:36 | Computer Name = Kuchner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.08.2012 12:32:38 | Computer Name = Kuchner-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.08.2012 01:57:32 | Computer Name = Kuchner-PC | Source = EventSystem | ID = 4609
Description =

Error - 11.08.2012 01:58:36 | Computer Name = Kuchner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.08.2012 01:57:10 | Computer Name = Kuchner-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.08.2012 um 18:11:33 unerwartet heruntergefahren.

Error - 11.08.2012 01:56:54 | Computer Name = Kuchner-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 11.08.2012 01:57:22 | Computer Name = Kuchner-PC | Source = DCOM | ID = 10005
Description =

Error - 11.08.2012 01:57:32 | Computer Name = Kuchner-PC | Source = DCOM | ID = 10005
Description =

Error - 11.08.2012 01:57:34 | Computer Name = Kuchner-PC | Source = DCOM | ID = 10005
Description =

Error - 11.08.2012 01:57:36 | Computer Name = Kuchner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11.08.2012 01:57:58 | Computer Name = Kuchner-PC | Source = DCOM | ID = 10005
Description =

Error - 11.08.2012 01:57:58 | Computer Name = Kuchner-PC | Source = DCOM | ID = 10005
Description =

Error - 11.08.2012 01:58:36 | Computer Name = Kuchner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11.08.2012 01:58:36 | Computer Name = Kuchner-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Gmer.log:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-11 11:27:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: 03dzbrp2.exe; Driver: C:\Users\Kuchner\AppData\Local\Temp\pgliafow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1480] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7602B37C 4 Bytes [F0, 1F, 00, 10]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

---- EOF - GMER 1.0.15 ----

Ich würde mich sehr freuen, wenn mir jemand helfen könnte.

markusg · 11.08.2012, 12:58

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [cbjppvgvirarlni] C:\ProgramData\cbjppvgv.exe ()
[2012.08.10 14:50:39 | 000,000,051 | ---- | M] () -- C:\ProgramData\cihcadssefydrix
[2012.08.10 14:50:18 | 000,061,440 | ---- | M] () -- C:\Users\Kuchner\ms.exe
[2012.08.10 14:50:18 | 000,061,440 | ---- | M] () -- C:\ProgramData\cbjppvgv.exe
[2012.08.10 14:50:18 | 000,061,440 | ---- | M] () -- C:\Users\Kuchner\ms.exe
 :Files
C:\ProgramData\cbjppvgv.exe
:Commands
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.

Perth · 11.08.2012, 14:42

Ich habe jetzt OTL.exe wieder ausgeführt und den Text eingegeben. Nachdem Neustart ging der normale Modus wieder, aber ich fand kein Textdokument auf dem Desktop. Außerdem zeigt mein Antivirus-Programm von Norton "Gefährdet" an. Soll ich auf "Jetzt beheben" drücken, oder es ignorieren?
Movedfiles.zip und cache.rar habe ich problemlos upgeloaded.

markusg · 11.08.2012, 16:21

danke

was zeigt norton denn genau

Perth · 13.08.2012, 10:03

Norton zeigt:

Systemstatus: Gefährdet
Ihr Compter muss auf Viren und Spyware gescannt werden. Jetzt beheben

Ich habe jetzt einfach bei Norton auf "Jetzt beheben" gedrückt und Norton hat einen Scan ausgeführt und 26 Tracking Cookies gefunden. Jetzt zeigt er wieder Systemstatus: OK an. Ich habe jetzt nur mehr eine Frage: Ist dieser "Polizei-Virus" vollständig weg oder sind nur die "Symptome" blockiert? Auf jeden Fall: Vielen Dank für die Hilfe! Alleine hätte ich das nie geschafft.

Virus: Durch das System der automatischen Informationskontrolle wurde Ihr Computer gesperrt.

Plagegeister aller Art und deren Bekämpfung: Virus: Durch das System der automatischen Informationskontrolle wurde Ihr Computer gesperrt.