Regestrieeinträge lassen sich nicht löschen

WaoWap · 18.04.2010, 20:50

Tag auch.

Ich habe mein System mit TrojanHunter geprüft und der hat mir folgendes gesagt. Die angezeigten Einträge können jedoch nicht entfernd werden.

Antivir kann dazu nichts finden.
Daher hab ich mal einen High-Log erstellt.
Vlt. könnt ihr mir helfen und mir sagen wie man das wieder weg bekommt.

Danke

Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:05, on 18.04.2010
Platform: Unknown Windows (WinNT 6.01.3504) ---> Windwos 7
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TrojanHunter 5.3\THGuard.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrojanHunter 5.1\THGuard.exe
C:\Program Files (x86)\TrojanHunter 5.1\TrojanHunter.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [THGuard] "C:\Program Files (x86)\TrojanHunter 5.1\THGuard.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11544 bytes

cosinus · 19.04.2010, 11:11

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

WaoWap · 19.04.2010, 12:10

Anbei die fehlenden logs.

Was ich noch anmerken möchte. Ich habe halt Probleme mit der Steam-Serverliste. Nach langen Tests bin ich zu dem Ergebnis gekommen, dass nurnoch Adware oder Ähnlichees für die Störung verandwortlich sein kann.
Und das einzige was auffällig war, war der Scan bei TrojanHunter mit der angeblich gefundenen BHO.342 (Adware) -> siehe Bild

Zitat:

OTL Extras logfile created on: 19.04.2010 12:54:12 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Markus\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 414,28 Gb Free Space | 91,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHORTY
Current User Name: Markus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"Defraggler" = Defraggler
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"ST6UNST #1" = BurnSoft PortScanner ver 3.0
"Steam App 10" = Counter-Strike
"TrojanHunter_is1" = TrojanHunter 5.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.03.2010 23:42:34 | Computer Name = WIN-I6E7CUABU3T | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.03.2010 23:42:34 | Computer Name = WIN-I6E7CUABU3T | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.03.2010 23:42:34 | Computer Name = WIN-I6E7CUABU3T | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.03.2010 23:42:34 | Computer Name = WIN-I6E7CUABU3T | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 05.03.2010 23:42:35 | Computer Name = WIN-I6E7CUABU3T | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error - 14.04.2010 05:54:19 | Computer Name = Shorty | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Markus\AppData\Local\Temp\RarSFX0\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 15.04.2010 11:43:32 | Computer Name = Shorty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel:
0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002dd7e ID des fehlerhaften Prozesses:
0x1e8 Startzeit der fehlerhaften Anwendung: 0x01cadcb266240756 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Trojancheck 6\tc6.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\ntdll.dll Berichtskennung: a50359fd-48a5-11df-ab0a-705ab63e6e2f

Error - 15.04.2010 11:44:03 | Computer Name = Shorty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001f6c ID des fehlerhaften Prozesses:
0xd38 Startzeit der fehlerhaften Anwendung: 0x01cadcb26e4e7322 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Trojancheck 6\tc6.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Trojancheck 6\tc6.exe Berichtskennung: b6fa00d3-48a5-11df-ab0a-705ab63e6e2f

Error - 15.04.2010 11:45:05 | Computer Name = Shorty | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00013aff ID des fehlerhaften
Prozesses: 0x1194 Startzeit der fehlerhaften Anwendung: 0x01cadcb27a74d39d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Trojancheck 6\tc6.exe Pfad des fehlerhaften
Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: dbfc1dec-48a5-11df-ab0a-705ab63e6e2f

[ System Events ]
Error - 14.04.2010 06:00:12 | Computer Name = Shorty | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
fehlgeschlagen: %%5

Error - 14.04.2010 07:08:06 | Computer Name = Shorty | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 14.04.2010 07:08:06 | Computer Name = Shorty | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 14.04.2010 08:47:10 | Computer Name = Shorty | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 14.04.2010 08:47:10 | Computer Name = Shorty | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

< End of report >

Zitat:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4006

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.04.2010 12:51:40
mbam-log-2010-04-19 (12-51-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 211478
Laufzeit: 26 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 19.04.2010, 12:53

Das andere OTL-Log vermisse ich (OTL erzeugt die OTL.log und die extras.log, letztere hast Du nur gepostet)

WaoWap · 19.04.2010, 13:07

x ) tut mir leid. der hat beides mal nur eins ausgespuckt. beim 2. mal war es das normale, nicht das "extras"

Zitat:

OTL logfile created on: 19.04.2010 14:02:57 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Markus\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 414,29 Gb Free Space | 91,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHORTY
Current User Name: Markus
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\TrojanHunter 5.1\THGuard.exe (Mischel Internet Security)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys (Egis Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360410j345l0484z155t44l2k911
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: treestyletab@piro.sakura.ne.jp:0.10.2010040201
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 12:08:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.15 15:07:19 | 000,000,000 | ---D | M]

[2010.04.14 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2010.04.18 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\dzx072o4.default\extensions
[2010.04.14 14:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\dzx072o4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.18 20:43:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\dzx072o4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.15 19:46:47 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\dzx072o4.default\extensions\treestyletab@piro.sakura.ne.jp
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Mozilla\FireFox\Profiles\dzx072o4.default\searchplugins\icqplugin.xml
[2010.04.15 15:07:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.1\THGuard.exe (Mischel Internet Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.19 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010.04.19 12:24:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.19 12:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.19 12:24:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.19 12:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.18 21:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.04.18 20:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.1
[2010.04.18 20:54:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Neuer Ordner
[2010.04.17 00:26:53 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\ElevatedDiagnostics
[2010.04.17 00:22:45 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\FixItCenter
[2010.04.17 00:19:25 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010.04.17 00:19:24 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Fix it Center
[2010.04.16 11:40:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.04.16 11:37:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010.04.15 20:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Port Scanner
[2010.04.15 19:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BurnSoft
[2010.04.15 19:08:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.04.15 19:08:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.04.15 18:49:57 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrojanHunter
[2010.04.15 18:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.04.15 18:02:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.04.15 17:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.3
[2010.04.15 17:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6
[2010.04.15 15:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.04.15 15:07:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.15 15:07:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.15 15:07:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.15 15:07:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.15 15:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.04.15 12:52:59 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Microsoft Help
[2010.04.15 10:55:13 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.04.15 10:55:13 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.15 10:55:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.04.15 10:55:12 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.04.15 10:55:12 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.04.15 10:55:12 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.04.15 10:55:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.04.15 10:55:12 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.04.15 10:55:12 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.04.15 10:55:12 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.04.15 10:55:12 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.04.15 10:55:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.04.15 10:55:11 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.04.15 10:55:11 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.04.15 10:55:11 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.04.15 10:55:11 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.04.15 10:55:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.04.15 10:55:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.04.15 10:55:10 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.04.15 10:55:10 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.04.15 10:55:10 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.04.15 10:55:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.04.15 10:55:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.04.15 10:55:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.04.15 10:55:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.04.15 10:55:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.04.15 10:55:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.04.15 10:55:09 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.04.15 10:55:09 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.04.15 10:55:09 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.04.15 10:55:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.04.15 10:55:04 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.04.15 10:55:04 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.04.15 10:55:04 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.04.15 10:55:03 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.04.15 10:55:03 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.04.15 10:55:03 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.04.15 10:55:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.04.15 10:55:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.04.15 10:55:01 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.04.15 10:55:00 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.04.15 10:55:00 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.04.15 10:55:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.04.15 10:55:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.04.15 10:55:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.04.15 10:55:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.04.15 10:55:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.04.15 10:55:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.04.15 10:54:59 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.15 10:54:59 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.04.15 10:54:59 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.04.15 10:54:58 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.04.15 10:54:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.04.15 10:54:57 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.04.15 10:54:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.04.15 10:54:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.04.15 10:54:57 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.04.15 10:54:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.04.15 10:54:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.04.15 10:54:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.04.14 18:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Friends Games
[2010.04.14 17:03:06 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\WinRAR
[2010.04.14 17:02:56 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.04.14 15:30:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Avira
[2010.04.14 14:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.04.14 14:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.04.14 14:46:35 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\ICQ
[2010.04.14 14:46:34 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\AOL
[2010.04.14 14:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1
[2010.04.14 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.04.14 13:06:03 | 000,000,000 | ---D | C] -- C:\Games
[2010.04.14 12:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010.04.14 12:47:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Adobe
[2010.04.14 12:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.04.14 12:28:03 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.04.14 12:08:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Mozilla
[2010.04.14 12:08:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Mozilla
[2010.04.14 12:08:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.04.14 11:59:58 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.04.14 11:59:58 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.04.14 11:59:58 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.04.14 11:59:58 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.04.14 11:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.14 11:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.04.14 11:49:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Adobe
[2010.04.14 11:49:07 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Google
[2010.04.14 11:49:07 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Google
[2010.04.14 11:28:07 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.14 11:28:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.14 11:28:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.14 11:28:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.14 11:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2010.04.14 11:27:10 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Intel Corporation
[2010.04.14 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2010.04.14 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\EgisTec
[2010.04.14 11:26:27 | 000,000,000 | R--D | C] -- C:\Users\Markus\Searches
[2010.04.14 11:26:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Identities
[2010.04.14 11:26:12 | 000,000,000 | R--D | C] -- C:\Users\Markus\Contacts
[2010.04.14 11:26:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\VirtualStore
[2010.04.14 11:24:51 | 000,000,000 | ---D | C] -- C:\Programme\Acer Accessory Store
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Vorlagen
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Verlauf
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Temporary Internet Files
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Startmenü
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\SendTo
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Recent
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Netzwerkumgebung
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Lokale Einstellungen
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Videos
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Musik
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Eigene Dateien
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Bilder
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Druckumgebung
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Cookies
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Anwendungsdaten
[2010.04.14 11:24:30 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Anwendungsdaten
[2010.04.14 11:24:30 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Temp
[2010.04.14 11:24:30 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Microsoft
[2010.04.14 11:24:30 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Media Center Programs
[2010.04.14 11:24:29 | 000,000,000 | --SD | C] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Videos
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Saved Games
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Pictures
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Music
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Links
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Favorites
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Downloads
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Documents
[2010.04.14 11:24:29 | 000,000,000 | R--D | C] -- C:\Users\Markus\Desktop
[2010.04.14 11:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Markus\AppData
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.04.14 11:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.01.16 05:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2010.04.19 14:03:21 | 005,242,880 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT
[2010.04.19 13:34:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.19 13:34:19 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.19 13:30:25 | 000,007,605 | ---- | M] () -- C:\Users\Markus\AppData\Local\resmon.resmoncfg
[2010.04.19 13:26:32 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.19 13:26:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.19 13:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.19 13:26:02 | 3113,308,160 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.19 13:25:25 | 002,200,264 | -H-- | M] () -- C:\Users\Markus\AppData\Local\IconCache.db
[2010.04.19 13:13:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.19 12:24:35 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.19 10:45:32 | 000,000,510 | ---- | M] () -- C:\Windows\win.ini
[2010.04.18 21:42:01 | 000,085,707 | ---- | M] () -- C:\Users\Markus\Desktop\TrojanHunter.JPG
[2010.04.18 21:12:32 | 000,002,101 | ---- | M] () -- C:\Users\Markus\Desktop\HijackThis.lnk
[2010.04.18 20:58:13 | 000,000,032 | ---- | M] () -- C:\Windows\SysNative\thxcfg.ini
[2010.04.18 20:58:00 | 000,001,013 | ---- | M] () -- C:\Users\Markus\Desktop\TrojanHunter.lnk
[2010.04.17 09:30:06 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.17 09:30:06 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.17 09:30:06 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.17 09:30:06 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.17 09:30:06 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.17 00:19:25 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
[2010.04.16 13:57:51 | 000,065,115 | ---- | M] () -- C:\Users\Markus\Desktop\Unbenannt.JPG
[2010.04.16 11:42:42 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010.04.15 19:37:43 | 000,001,642 | ---- | M] () -- C:\Users\Markus\Desktop\Counter-Strike.lnk
[2010.04.15 19:37:18 | 000,000,997 | ---- | M] () -- C:\Users\Markus\Desktop\Steam.exe - Verknüpfung.lnk
[2010.04.15 19:08:13 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.04.15 19:08:12 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.04.15 18:53:38 | 000,000,036 | ---- | M] () -- C:\Users\Markus\AppData\Local\housecall.guid.cache
[2010.04.15 17:53:35 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2010.04.15 16:07:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.15 15:07:39 | 000,001,029 | ---- | M] () -- C:\Users\Markus\Desktop\JDownloader.lnk
[2010.04.15 15:07:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.15 15:07:08 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.15 15:07:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.15 15:07:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.14 18:13:42 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.04.14 18:13:42 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.04.14 15:04:28 | 000,000,077 | ---- | M] () -- C:\desktop.scf
[2010.04.14 12:58:37 | 000,001,130 | ---- | M] () -- C:\Users\Markus\Desktop\EVEREST Ultimate Edition.lnk
[2010.04.14 12:28:41 | 000,001,893 | ---- | M] () -- C:\Users\Markus\Desktop\CCleaner.lnk
[2010.04.14 12:28:04 | 000,001,728 | ---- | M] () -- C:\Users\Markus\Desktop\Defraggler.lnk
[2010.04.14 12:08:19 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.04.14 11:43:06 | 000,524,288 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.14 11:43:06 | 000,524,288 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 11:43:06 | 000,065,536 | -HS- | M] () -- C:\Users\Markus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.14 11:24:56 | 000,079,152 | ---- | M] () -- C:\Users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.14 11:24:53 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk
[2010.04.14 11:24:30 | 000,000,020 | -HS- | M] () -- C:\Users\Markus\ntuser.ini
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010.04.19 13:29:51 | 000,007,605 | ---- | C] () -- C:\Users\Markus\AppData\Local\resmon.resmoncfg
[2010.04.19 12:24:35 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.18 21:42:01 | 000,085,707 | ---- | C] () -- C:\Users\Markus\Desktop\TrojanHunter.JPG
[2010.04.18 21:12:32 | 000,002,101 | ---- | C] () -- C:\Users\Markus\Desktop\HijackThis.lnk
[2010.04.18 20:58:13 | 000,000,032 | ---- | C] () -- C:\Windows\SysNative\thxcfg.ini
[2010.04.18 20:58:00 | 000,001,013 | ---- | C] () -- C:\Users\Markus\Desktop\TrojanHunter.lnk
[2010.04.17 00:19:25 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix*it Center.lnk
[2010.04.16 13:57:51 | 000,065,115 | ---- | C] () -- C:\Users\Markus\Desktop\Unbenannt.JPG
[2010.04.16 11:42:42 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010.04.15 19:37:03 | 000,000,997 | ---- | C] () -- C:\Users\Markus\Desktop\Steam.exe - Verknüpfung.lnk
[2010.04.15 18:53:38 | 000,000,036 | ---- | C] () -- C:\Users\Markus\AppData\Local\housecall.guid.cache
[2010.04.15 17:53:29 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2010.04.15 16:07:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.15 15:07:39 | 000,001,029 | ---- | C] () -- C:\Users\Markus\Desktop\JDownloader.lnk
[2010.04.14 15:03:19 | 000,000,077 | ---- | C] () -- C:\desktop.scf
[2010.04.14 13:10:08 | 000,001,642 | ---- | C] () -- C:\Users\Markus\Desktop\Counter-Strike.lnk
[2010.04.14 12:58:37 | 000,001,130 | ---- | C] () -- C:\Users\Markus\Desktop\EVEREST Ultimate Edition.lnk
[2010.04.14 12:28:41 | 000,001,893 | ---- | C] () -- C:\Users\Markus\Desktop\CCleaner.lnk
[2010.04.14 12:28:04 | 000,001,728 | ---- | C] () -- C:\Users\Markus\Desktop\Defraggler.lnk
[2010.04.14 12:08:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.14 12:03:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.14 12:03:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.14 11:24:52 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk
[2010.04.14 11:24:30 | 000,524,288 | -HS- | C] () -- C:\Users\Markus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.14 11:24:30 | 000,524,288 | -HS- | C] () -- C:\Users\Markus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 11:24:30 | 000,262,144 | -HS- | C] () -- C:\Users\Markus\ntuser.dat.LOG1
[2010.04.14 11:24:30 | 000,065,536 | -HS- | C] () -- C:\Users\Markus\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.14 11:24:30 | 000,000,020 | -HS- | C] () -- C:\Users\Markus\ntuser.ini
[2010.04.14 11:24:30 | 000,000,000 | -HS- | C] () -- C:\Users\Markus\ntuser.dat.LOG2
[2010.04.14 11:24:29 | 005,242,880 | -HS- | C] () -- C:\Users\Markus\NTUSER.DAT
[2010.01.16 05:34:11 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
< End of report >

cosinus · 19.04.2010, 13:20

Die Logs sehen ok aus. Diesen TrojanHunter kenn ich nicht, ih würd dem nicht allzuviel Vertrauen schenken...

Überhaupt Probleme mit dem Rechner bis auf die angeblich schädlichen Registry-Einträge?

WaoWap · 19.04.2010, 13:27

Ja wie gesagt, bei Steam hab ich Probleme mit der Serverliste, Server zu finden und die Verbindung zu den Servern inerhalb der Liste zu halten (nicht im Spiel).

Hab da schon den Router gecheckt und die erforderlichen Ports freigeschaltet.
Auch eventuelle Firewalls, Virenprogramme und Windows blocken Steam nicht.

Daher dachte ich es könnte evt. an Adware liegen.

Aber irgw. bin ich mit meinem Latein am Ende.

Letzten endes war das der Grund warum ich meinen Rechner halt diese Tests unterzogen hab.

19.04.2010, 12:53	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Regestrieeinträge lassen sich nicht löschen Das andere OTL-Log vermisse ich (OTL erzeugt die OTL.log und die extras.log, letztere hast Du nur gepostet) __________________ Logfiles bitte immer in CODE-Tags posten

19.04.2010, 13:20	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Regestrieeinträge lassen sich nicht löschen Die Logs sehen ok aus. Diesen TrojanHunter kenn ich nicht, ih würd dem nicht allzuviel Vertrauen schenken... Überhaupt Probleme mit dem Rechner bis auf die angeblich schädlichen Registry-Einträge? __________________ --> Regestrieeinträge lassen sich nicht löschen

Regestrieeinträge lassen sich nicht löschen

Log-Analyse und Auswertung: Regestrieeinträge lassen sich nicht löschen