Pests of all kinds and how to fight them: UKCASH virus with webcam, can't get to the desktop anymore (Windows 7)
17.11.2012, 16:59 | #1 |
Hello everyone. I have the following problem. My father came by at noon today with his laptop and said it suddenly showed a pop-up with UKCASH and his picture on it. You can't get any further than the command prompt, no matter how you boot. Kaspersky Rescue Disk on USB/CD doesn't work. All that ever comes up is:

dracut Warning: Can´t mount root filesystem
Dropping to debug shell
dracut:/#

-----------------------------------------------------------------------
System: Win 7
Intel (R) Core(TM) i3 CPU M @ 2.27GHz
Sys.Bios Version : V 1.05
VGA Bios Vers: Calpella 1994
Product Name: TravelMate 8572
Manufacturer Name: Acer

Maybe someone can help me. Thx

I have now also tried the OTLPE CD. The CD loads............ and then a blue screen appears:

A problem has been detected and Windows has been shut down to prevent damage to your Computer.
If this is the first time you´ve seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check for Viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.
Technical information:
***STOP:0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)

http://www.trojaner-board.de/100215-...tml#post671012
Doesn't work either.
18.11.2012, 01:13 | #2 |
/// Helper Team
Look for the SATA settings in the BIOS and switch from AHCI to IDE mode there.
18.11.2012, 15:43 | #3 |
And then???
19.11.2012, 03:45 | #4 |
/// Helper Team
Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD: If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
20.11.2012, 17:20 | #5 |
OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/20/2012 5:04:27 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional (Version = 6.1.7600) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 138.94 Gb Total Space | 98.45 Gb Free Space | 70.85% Space Free | Partition Type: NTFS Drive E: | 139.05 Gb Total Space | 138.95 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/15 05:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) 
[Auto] -- D:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2012/03/23 07:25:24 | 000,087,040 | ---- | M] () [Auto] -- D:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012/02/06 06:33:26 | 000,342,984 | ---- | M] () [Auto] -- D:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2011/08/13 04:13:08 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/08/13 04:13:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/02/20 19:48:00 | 000,155,232 | ---- | M] (DATEV eG) [On_Demand] -- D:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe -- (DATEV Update-Service) SRV - [2010/12/24 16:22:01 | 000,330,696 | ---- | M] () [Auto] -- D:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010/06/02 15:01:20 | 000,310,128 | ---- | M] (Egis Technology Inc. ) [Auto] -- D:\Program Files\Acer Bio Protection\EgisService.exe -- (EgisTec Service) SRV - [2010/06/02 15:00:26 | 000,257,904 | ---- | M] (Egis Technology Inc. ) [Auto] -- D:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010/04/23 03:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010/04/22 12:38:54 | 000,129,568 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc) SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto] -- D:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/03/26 03:40:52 | 000,628,000 | ---- | M] (Broadcom Corporation.) 
[Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/03/18 13:32:08 | 000,462,888 | R--- | M] (Ericsson AB) [Auto] -- D:\Program Files\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- D:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/03/03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/02/10 02:10:18 | 000,417,336 | ---- | M] (Conexant Systems, Inc.) [Auto] -- D:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto] -- D:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto] -- D:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/09/30 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/09/30 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 
20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/16 02:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/07/24 04:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- D:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/01/04 12:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- D:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2012/02/06 06:31:52 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2012/02/06 06:31:52 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012/02/06 06:31:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2011/08/13 04:13:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/08/13 04:13:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/07/27 20:38:18 | 000,029,232 | ---- | M] (EgisTec) [Kernel | Auto] -- D:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2010/06/23 03:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/06/09 23:57:20 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\AmUStor.sys -- (AmUStor) DRV - [2010/04/14 21:46:30 | 000,520,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010/03/09 09:25:42 | 000,228,904 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ) DRV - [2010/03/03 03:30:26 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr) DRV - [2010/03/03 03:30:24 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis) DRV - [2010/02/26 03:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/10 02:10:18 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto] -- D:\Windows\System32\drivers\XAudio32.sys -- (XAudio) DRV - [2010/01/25 12:57:48 | 000,054,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand] -- D:\Windows\System32\drivers\e36wscard.sys -- (e36wscard) DRV - [2010/01/22 11:55:02 | 000,368,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV - [2010/01/22 11:54:58 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV - [2010/01/22 11:54:54 | 000,351,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Mobile Broadband Device Management Driver (WDM) DRV - [2010/01/22 11:54:46 | 000,301,440 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus) Mobile Broadband Device (WDM) DRV - [2009/10/26 16:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/09/17 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/05/11 03:12:50 | 
000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007/04/17 13:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- D:\Windows\System32\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8572&r=27050810t206l0463z285x4771o320 IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8572&r=27050810t206l0463z285x4771o320 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\helsy_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8572&r=27050810t206l0463z285x4771o320 IE - HKU\helsy_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=travelmate_8572&r=27050810t206l0463z285x4771o320 IE - HKU\helsy_ON_D\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\helsy_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}:1.0 FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0 FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: D:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: D:\Program Files\McAfee\SiteAdvisor\NPMcFFPlg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files\Acer Bio Protection\FFExt [2010/07/27 20:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/05 02:10:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/18 11:23:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/18 11:23:46 | 000,000,000 | ---D | M] [2011/03/18 11:24:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\helsy\AppData\Roaming\Mozilla\Extensions [2011/03/18 11:24:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\helsy\AppData\Roaming\Mozilla\Firefox\Profiles\3bhavpdt.default\extensions [2011/03/18 11:23:46 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions [2010/07/27 20:56:22 | 000,000,000 | ---D | M] (SimplePass Online Accounts Extension) -- D:\PROGRAM FILES\ACER BIO PROTECTION\FFEXT [2012/09/05 02:10:58 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- D:\PROGRAM FILES\MCAFEE\SITEADVISOR [2011/03/03 13:06:04 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/03 13:06:04 | 000,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/03/03 13:06:04 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/03/03 13:06:04 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/03/03 13:06:04 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - 
D:\Windows\System32\drivers\etc\hosts O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - D:\Program Files\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] D:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] D:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] D:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] D:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] D:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [HTC Sync Loader] D:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] D:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] D:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NortonOnlineBackupReminder] D:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [ODDPwr] D:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4 - HKLM..\Run: [PLFSetI] D:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [VitaKeyTSR] D:\Program Files\Acer Bio Protection\EgisTSR.exe (Egis Technology Inc. ) O4 - HKU\helsy_ON_D..\Run: [CONNMGRTRAY] File not found O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: D:\Users\helsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MOBIORDERCHECK.EXE.lnk () O4 - Startup: D:\Users\helsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Broken Internet access at catalog 000000000039 O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\helsy_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\helsy_ON_D Winlogon: Shell - (C:\Users\helsy\AppData\Roaming\msconfig.dat) - D:\Users\helsy\AppData\Roaming\msconfig.dat () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/05/05 16:39:20 | 000,000,122 | RHS- | M] () - F:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{146670e7-51d4-11e1-9bb0-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{146670e7-51d4-11e1-9bb0-028037ec0200}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{173addd2-0fa1-11e0-9bd0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{173addd2-0fa1-11e0-9bd0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{173ade1b-0fa1-11e0-9bd0-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{173ade1b-0fa1-11e0-9bd0-028037ec0200}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1742e3ee-adf4-11e0-a8a4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1742e3ee-adf4-11e0-a8a4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1bc1650f-523c-11e1-9d0b-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{1bc1650f-523c-11e1-9d0b-028037ec0200}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{3d9740a1-50be-11e1-b04d-028037ec0200}\Shell - "" = AutoRun O33 - 
MountPoints2\{3d9740a1-50be-11e1-b04d-028037ec0200}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{7c54a811-d0e0-11e1-9f77-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{7c54a811-d0e0-11e1-9f77-028037ec0200}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a3309bd2-50b5-11e1-9c2f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a3309bd2-50b5-11e1-9c2f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a3309c34-50b5-11e1-9c2f-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{a3309c34-50b5-11e1-9c2f-028037ec0200}\Shell\AutoRun\command - "" = E:\.\Setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/11/16 02:30:26 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{325B54CF-6942-4D45-BF26-AC94AE91C93E} [2012/11/14 02:15:43 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{C21BD929-A092-48D9-A832-A2BAF3DF0606} [2012/11/12 01:58:50 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{C1488ABB-2447-4CD5-9A1F-563232ACB92F} [2012/11/10 02:45:15 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{BAEEB367-ECCC-4701-B73D-57887A1E8151} [2012/11/09 02:13:05 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{42EB505E-97A6-48BF-9892-E61AEC53B7BF} [2012/11/08 05:39:30 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{E0C72ACC-4D35-40F6-8731-840DEF44E109} [2012/11/05 02:03:07 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{1F5BF692-83E1-48F7-99B2-F00F76E54419} [2012/11/02 02:08:39 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{41B42EE0-E16E-4895-8304-5C6164C8631B} [2012/10/29 02:16:56 | 000,000,000 | ---D | C] -- 
D:\Users\helsy\AppData\Local\{8FFBA68B-33A3-4A4F-B18E-109737B4B64B} [2012/10/26 01:44:09 | 000,000,000 | ---D | C] -- D:\Users\helsy\AppData\Local\{DB549798-D14F-4288-B110-BCE7ABEDB687} [2010/06/23 23:49:33 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2012/11/19 10:17:57 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012/11/19 10:16:30 | 1853,214,720 | -HS- | M] () -- D:\hiberfil.sys [2012/11/19 10:15:42 | 000,196,608 | ---- | M] () -- D:\Windows\System32\Ikeext.etl [2012/11/19 10:15:11 | 000,000,047 | ---- | M] () -- D:\Users\helsy\AppData\Roaming\msconfig.ini [2012/11/17 11:31:15 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/17 11:06:05 | 000,711,120 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012/11/17 11:06:05 | 000,662,740 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012/11/17 11:06:05 | 000,153,548 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012/11/17 11:06:05 | 000,123,934 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012/11/17 06:46:36 | 000,009,712 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/17 06:46:36 | 000,009,712 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/16 12:05:00 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/16 10:37:11 | 000,000,952 | -HS- | M] () -- D:\ProgramData\KGyGaAvL.sys ========== Files Created - No Company Name ========== [2012/11/16 10:17:26 | 000,000,047 | ---- | C] () -- D:\Users\helsy\AppData\Roaming\msconfig.ini [2012/05/14 06:55:18 | 000,000,021 | ---- | C] () -- D:\Windows\DvInesKurusOleServer003.INI [2012/05/14 06:55:01 | 000,000,101 | ---- | C] () -- D:\Windows\dvinesinstalllocation001.INI [2012/05/14 06:43:17 | 000,000,102 | ---- | C] () -- D:\Windows\Startup.INI 
[2012/02/06 03:31:03 | 000,066,919 | ---- | C] () -- D:\Users\helsy\AppData\Roaming\msconfig.dat [2011/03/18 11:23:54 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat [2010/12/24 13:54:27 | 000,000,034 | ---- | C] () -- D:\Windows\cdplayer.ini [2010/12/15 05:09:01 | 000,000,056 | -H-- | C] () -- D:\Windows\System32\ezsidmv.dat [2010/08/14 06:03:54 | 000,000,952 | -HS- | C] () -- D:\ProgramData\KGyGaAvL.sys [2010/07/28 06:25:01 | 000,711,120 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2010/07/28 06:25:01 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2010/07/28 06:25:01 | 000,153,548 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2010/07/28 06:25:01 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2010/07/27 20:40:45 | 000,206,208 | ---- | C] () -- D:\Windows\PLFSetI.exe [2010/07/27 20:40:45 | 000,113,264 | ---- | C] () -- D:\Windows\FixUVC.exe [2010/07/27 20:40:45 | 000,000,302 | ---- | C] () -- D:\Windows\PidList_C.ini [2010/06/23 23:49:34 | 000,870,560 | ---- | C] () -- D:\Windows\System32\igkrng575.bin [2010/06/23 23:49:34 | 000,208,896 | ---- | C] () -- D:\Windows\System32\iglhsip32.dll [2010/06/23 23:49:34 | 000,143,360 | ---- | C] () -- D:\Windows\System32\iglhcp32.dll [2010/06/23 23:49:33 | 000,127,868 | ---- | C] () -- D:\Windows\System32\igcompkrng575.bin [2010/06/23 23:49:33 | 000,104,636 | ---- | C] () -- D:\Windows\System32\igfcg575m.bin [2010/06/23 23:49:33 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config [2010/06/23 23:03:07 | 000,001,096 | ---- | C] () -- D:\Windows\System32\drivers\SamSfPa.dat [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,446,168 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,662,740 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,123,934 | ---- | C] () -- 
D:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat [2007/01/15 02:19:16 | 000,016,473 | ---- | C] () -- D:\Windows\System32\SELF32.INI ========== LOP Check ========== [2010/06/23 23:23:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Acer [2010/06/23 23:04:31 | 000,000,000 | ---D | M] -- D:\ProgramData\AmUStor [2010/08/09 07:16:50 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2010/06/23 23:28:28 | 000,000,000 | ---D | M] -- D:\ProgramData\BackupManager [2011/07/10 05:07:09 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess [2012/02/17 12:40:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Canneverbe Limited [2012/05/14 06:52:21 | 000,000,000 | ---D | M] -- D:\ProgramData\DATEV [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2010/08/09 07:16:50 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2010/07/27 20:56:29 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec [2010/07/27 21:14:50 | 000,000,000 | ---D | M] -- D:\ProgramData\EgisTec IPS [2010/06/23 23:15:04 | 000,000,000 | ---D | M] -- D:\ProgramData\eSobi 
[2010/08/09 07:16:50 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2012/02/06 03:26:04 | 000,000,000 | ---D | M] -- D:\ProgramData\maxdome [2012/02/06 10:13:56 | 000,000,000 | ---D | M] -- D:\ProgramData\nightclub.de [2010/08/09 07:18:27 | 000,000,000 | ---D | M] -- D:\ProgramData\OEM [2010/09/18 04:07:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2010/08/09 07:16:50 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2010/08/09 07:16:50 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2012/07/07 01:09:04 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11/20/2012 5:13:09 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional (Version = 6.1.7600) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS Drive D: | 138.94 Gb Total Space | 98.45 Gb Free Space | 70.85% Space Free | Partition Type: NTFS Drive E: | 139.05 Gb Total Space | 138.95 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Drive F: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.99% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1164B166-AE7D-4CD2-B641-E30A9A7AC992}" = Mobile Broadband drivers "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer 
Resources "{1E49D2F5-18C5-4097-B30B-9AC73168B5E9}" = Acer 3G Connection Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft 
Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof 
(German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = 
Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.181.602 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact 
Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F26DE123-C491-4D8C-BC86-FDF604F00226}" = Broadcom Gigabit Integrated Controller "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Fingerprint Solution "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CDex" = CDex extraction audio "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "DATEVB00000482.0" = DATEV Installation V.2.8 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo 
WinDVD 8 "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader "InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Acer Bio Protection "INTERSPORT Orderportal 2.0_is1" = INTERSPORT Orderportal 2.0 "LManager" = Launch Manager "maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "MyCamera" = Canon Utilities MyCamera "nightclub.de - Ihre Online Videothek_is1" = nightclub.de - Ihre Online Videothek Version 3.1.0 "Office14.STANDARD" = Microsoft Office Standard 2010 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PhotoStitch" = Canon Utilities PhotoStitch "SynTPDeinstKey" = Synaptics Pointing Device Driver "Verbindungsassistent" = Verbindungsassistent "VLC media player" = VLC media player 1.1.5 "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility < End of report > |
21.11.2012, 04:18 | #6 |
/// Helper Team | UKCASH virus with webcam, can't get to the desktop anymore Fix with OTLPE
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\helsy_ON_D..\Run: [CONNMGRTRAY] File not found
O20 - HKU\helsy_ON_D Winlogon: Shell - (C:\Users\helsy\AppData\Roaming\msconfig.dat) - D:\Users\helsy\AppData\Roaming\msconfig.dat ()
[2012/02/06 03:31:03 | 000,066,919 | ---- | C] () -- D:\Users\helsy\AppData\Roaming\msconfig.dat
[2011/07/10 05:07:09 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
:Files
D:\ProgramData\*.exe
D:\ProgramData\*.dll
D:\ProgramData\*.tmp
D:\ProgramData\TEMP
D:\Users\helsy\*.tmp
D:\Users\helsy\AppData\Local\Temp\*.exe
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
06.12.2012, 14:26 | #7 |
| UKCASH virus with webcam, can't get to the desktop anymore
HTML code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\helsy_ON_D\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\helsy_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
D:\Users\helsy\AppData\Roaming\msconfig.dat moved successfully.
File D:\Users\helsy\AppData\Roaming\msconfig.dat not found.
D:\ProgramData\boost_interprocess\D91D3434E73ECC01 folder moved successfully.
D:\ProgramData\boost_interprocess folder moved successfully.
========== FILES ==========
File\Folder D:\ProgramData\*.exe not found.
File\Folder D:\ProgramData\*.dll not found.
File\Folder D:\ProgramData\*.tmp not found.
File\Folder D:\ProgramData\TEMP not found.
File\Folder D:\Users\helsy\*.tmp not found.
File\Folder D:\Users\helsy\AppData\Local\Temp\*.exe not found.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
D:\Users\helsy\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
D:\cmd.bat deleted successfully.
D:\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
User: Default User
User: helsy
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 186 bytes
Total Files Cleaned = 0.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 11212012_195819 |
06.12.2012, 17:24 | #8 |
/// Helper Team | UKCASH virus with webcam, can't get to the desktop anymore Very good! If necessary, with a USB stick from another PC. Very good! How is the computer running?
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
After that:
Step 2: Please download AdwCleaner to your desktop.
|
12.02.2013, 08:13 | #9 |
/// Helper Team | UKCASH virus with webcam, can't get to the desktop anymore No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |