
All kinds of pests and how to combat them: Antimalware Doctor infection


01.08.2010, 21:40   #1
Flare
 

Hey dear community,

thanks to some Flash site, I too have not been spared by what is probably the most annoying pest #1, Antimalware Doctor. I have now downloaded rkill.exe to stop all of AMW Doctor's processes, and afterwards had Malwarebytes run a scan twice. After a reboot, however, the familiar problems show up again, and a hail of ads and messages appears on my screen as if out of nowhere. It is really annoying; hopefully someone here can help me.

Here are the log files from MWB:

Malwarebytes after the 1st scan:

Code:
01.08.2010 11:53:55
mbam-log-2010-08-01 (11-53-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 232106
Laufzeit: 1 Stunde(n), 1 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Malwarebytes after the 2nd scan:


Code:
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 232280
Laufzeit: 3 Stunde(n), 1 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL logs:

Code:
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - c:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - c:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer VCM\VC.exe (Acer Incoporated)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IGBASVC) -- c:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (FPSensor) EgisTech-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_7738
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_7738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.2.106
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO&o=101917&locale=de_DE&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 21:10:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 21:10:22 | 000,000,000 | ---D | M]
 
[2009.12.19 21:48:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2010.07.31 22:54:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\pwyzupcv.default\extensions
[2009.12.23 13:18:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\pwyzupcv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.02 19:20:37 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\pwyzupcv.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2010.05.12 23:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\pwyzupcv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.12.30 06:18:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\pwyzupcv.default\extensions\bookmarkpreviews@mozdev.org
[2010.07.03 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\pwyzupcv.default\extensions\toolbar@ask.com
[2010.08.01 15:12:07 | 000,002,253 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\askcom.xml
[2010.01.03 19:11:01 | 000,002,163 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\bing.xml
[2010.07.25 20:54:03 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\icqplugin-1.xml
[2010.07.04 05:19:39 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\icqplugin-2.xml
[2010.07.24 03:44:09 | 000,000,950 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\icqplugin-3.xml
[2010.05.12 23:05:43 | 000,000,168 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\icqplugin.gif
[2010.05.12 23:05:43 | 000,000,618 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\icqplugin.src
[2010.07.02 07:33:51 | 000,000,947 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\pwyzupcv.default\searchplugins\icqplugin.xml
[2010.08.01 21:31:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.29 12:08:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.01 21:31:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.21 10:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll
[2010.08.01 21:10:19 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 21:10:19 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 21:10:19 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 21:10:19 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 21:10:19 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VitaKeyPdtWzd] c:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Chris\AppData\Roaming\ogix.exe) - C:\Users\Chris\AppData\Roaming\ogix.exe File not found
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5ff9d22-1719-11df-82c5-001f16bdfc68}\Shell\AutoRun\command - "" = E:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.01 22:31:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.01 21:32:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.08.01 21:31:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.01 21:31:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.01 21:31:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.29 12:08:40 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.29 12:03:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Avira
[2010.07.29 11:54:32 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.07.29 11:54:32 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.07.28 11:32:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\Application Data
[2010.07.27 18:54:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\HHB_MixP3_9458
[2010.07.27 18:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.27 14:13:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2010.07.27 14:12:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.27 14:12:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.27 14:12:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.27 14:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.27 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\fhtexjviw
[2010.07.27 12:34:43 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Roaming\lowsec
[2010.07.27 12:34:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\09FD9C70E768F60812737987054A3AEF
[2010.07.26 23:04:59 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\VDownloader
[2010.07.19 13:52:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Satire_-_I Need Aufmerksamkeit
[2010.07.18 12:23:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Eminem - Recovery (2010)
[2010.07.15 18:50:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\30 Seconds to Mars - This is War
[2010.07.15 18:49:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\30 Seconds to Mars - A Beautiul Lie
[2010.07.11 11:55:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Curren$y - Pilot Talk 2010 Retail
[2010.07.08 20:45:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Hip Hop EJay 6
[2009.08.25 04:04:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.01 22:35:48 | 002,097,152 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.01 22:35:10 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\jkqff.sys
[2010.08.01 22:31:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.01 22:18:28 | 004,687,026 | ---- | M] () -- C:\Users\Chris\Desktop\Speedin - Rick Ross ft R. Kelly.mp3
[2010.08.01 22:01:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.01 21:13:25 | 002,156,962 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.01 21:13:25 | 001,060,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.01 21:13:25 | 000,555,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.01 21:13:24 | 000,625,822 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.01 21:13:24 | 000,004,926 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.01 21:08:24 | 000,111,608 | ---- | M] () -- C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.01 21:08:22 | 002,328,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.01 21:08:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 21:08:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 21:08:09 | 000,064,943 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.01 21:08:00 | 000,064,943 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.01 21:07:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.01 21:07:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 21:07:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 21:07:03 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 21:06:10 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.01 21:06:10 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.01 21:06:08 | 002,482,493 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.01 12:34:38 | 005,448,547 | ---- | M] () -- C:\Users\Chris\Desktop\The Way (Original Mix) - Klaas.mp3
[2010.07.29 12:15:46 | 000,363,520 | ---- | M] () -- C:\Users\Chris\Desktop\rkill.exe
[2010.07.29 12:11:29 | 000,007,808 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010.07.29 11:59:47 | 000,027,872 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\UserTile.png
[2010.07.27 19:57:56 | 005,752,822 | ---- | M] () -- C:\Users\Chris\Desktop\Klaas Feat. Jasper Forks - River Flows In You (Eclipse Vocal Version) (Klaas Club Mix).mp3
[2010.07.27 19:04:17 | 011,784,645 | ---- | M] () -- C:\Users\Chris\Desktop\Lady_Gaga_-_Bad_Romance_ALX.mp3
[2010.07.27 14:12:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.26 23:15:52 | 000,050,688 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.26 13:40:19 | 027,197,627 | ---- | M] () -- C:\Users\Chris\Desktop\Computerbild_16-2010.rar
[2010.07.25 22:59:18 | 734,113,792 | ---- | M] () -- C:\Users\Chris\Desktop\crcl-kampg.der.titanen.bdrip-cd1.avi
[2010.07.25 21:46:28 | 742,584,872 | ---- | M] () -- C:\Users\Chris\Desktop\Toy.Story.3.2010.German.MD.DVDSCREENER.Xvid.Chefflo.rar
[2010.07.24 13:20:40 | 209,715,200 | ---- | M] () -- C:\Users\Chris\Desktop\D2J_T33ies54to_-_Kale54idot4scope__2009_.part1.rar
[2010.07.20 15:11:12 | 742,595,214 | ---- | M] () -- C:\Users\Chris\Desktop\Moon.DVDRip.MD.German.XviD-XCOPY.rar
[2010.07.17 19:45:55 | 741,232,609 | ---- | M] () -- C:\Users\Chris\Desktop\Das.Zimmer.im.Spiegel.German.DVDRip.XviD-LOGiCAL.rar
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.15 18:55:09 | 117,447,300 | ---- | M] () -- C:\Users\Chris\Desktop\30.Seconds.To.Mars.30.Seconds.To.Mars.2002.320kbps.rar
[2010.07.13 16:36:58 | 840,846,550 | ---- | M] () -- C:\Users\Chris\Desktop\tor1.rar
[2010.07.10 16:11:21 | 053,038,035 | ---- | M] () -- C:\Users\Chris\Desktop\Ignition.rar
[2010.07.10 12:01:45 | 000,077,426 | ---- | M] () -- C:\Users\Chris\Desktop\exponentialfunktion (1).jpg
[2010.07.10 11:59:14 | 000,118,894 | ---- | M] () -- C:\Users\Chris\Desktop\ableitungen & stammfunktionen.jpg
[2010.07.10 02:06:38 | 000,332,184 | ---- | M] () -- C:\Users\Chris\Desktop\Cover.jpg
[2010.07.10 00:23:08 | 000,334,627 | ---- | M] () -- C:\Users\Chris\Desktop\20 Jahre.jpg
[2010.07.09 23:15:46 | 000,924,049 | ---- | M] () -- C:\Users\Chris\Desktop\cdtemplate-300dpi-v2.zip
[2010.07.04 15:47:42 | 680,132,418 | ---- | M] () -- C:\Users\Chris\Desktop\Corel.VideoStudio.Pro.X3.v13.6.2.36.Multilingual.Incl.Keymaker-CORE.rar
 
========== Files Created - No Company Name ==========
 
[2010.08.01 22:10:14 | 004,687,026 | ---- | C] () -- C:\Users\Chris\Desktop\Speedin - Rick Ross ft R. Kelly.mp3
[2010.08.01 12:34:22 | 005,448,547 | ---- | C] () -- C:\Users\Chris\Desktop\The Way (Original Mix) - Klaas.mp3
[2010.07.29 12:15:24 | 000,363,520 | ---- | C] () -- C:\Users\Chris\Desktop\rkill.exe
[2010.07.27 19:57:36 | 005,752,822 | ---- | C] () -- C:\Users\Chris\Desktop\Klaas Feat. Jasper Forks - River Flows In You (Eclipse Vocal Version) (Klaas Club Mix).mp3
[2010.07.27 19:02:25 | 011,784,645 | ---- | C] () -- C:\Users\Chris\Desktop\Lady_Gaga_-_Bad_Romance_ALX.mp3
[2010.07.27 14:12:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.27 12:37:35 | 000,768,000 | ---- | C] () -- C:\Windows\System32\drivers\jkqff.sys
[2010.07.26 13:39:26 | 027,197,627 | ---- | C] () -- C:\Users\Chris\Desktop\Computerbild_16-2010.rar
[2010.07.25 22:22:36 | 734,113,792 | ---- | C] () -- C:\Users\Chris\Desktop\crcl-kampg.der.titanen.bdrip-cd1.avi
[2010.07.25 18:44:39 | 742,584,872 | ---- | C] () -- C:\Users\Chris\Desktop\Toy.Story.3.2010.German.MD.DVDSCREENER.Xvid.Chefflo.rar
[2010.07.24 12:20:18 | 209,715,200 | ---- | C] () -- C:\Users\Chris\Desktop\D2J_T33ies54to_-_Kale54idot4scope__2009_.part1.rar
[2010.07.20 14:47:53 | 742,595,214 | ---- | C] () -- C:\Users\Chris\Desktop\Moon.DVDRip.MD.German.XviD-XCOPY.rar
[2010.07.17 19:21:38 | 741,232,609 | ---- | C] () -- C:\Users\Chris\Desktop\Das.Zimmer.im.Spiegel.German.DVDRip.XviD-LOGiCAL.rar
[2010.07.15 18:49:32 | 117,447,300 | ---- | C] () -- C:\Users\Chris\Desktop\30.Seconds.To.Mars.30.Seconds.To.Mars.2002.320kbps.rar
[2010.07.13 13:01:48 | 840,846,550 | ---- | C] () -- C:\Users\Chris\Desktop\tor1.rar
[2010.07.10 16:10:04 | 053,038,035 | ---- | C] () -- C:\Users\Chris\Desktop\Ignition.rar
[2010.07.10 12:01:45 | 000,077,426 | ---- | C] () -- C:\Users\Chris\Desktop\exponentialfunktion (1).jpg
[2010.07.10 11:59:14 | 000,118,894 | ---- | C] () -- C:\Users\Chris\Desktop\ableitungen & stammfunktionen.jpg
[2010.07.10 02:06:33 | 000,332,184 | ---- | C] () -- C:\Users\Chris\Desktop\Cover.jpg
[2010.07.10 00:22:57 | 000,334,627 | ---- | C] () -- C:\Users\Chris\Desktop\20 Jahre.jpg
[2010.07.09 23:15:51 | 003,114,841 | ---- | C] () -- C:\Users\Chris\Desktop\CD Template - 300 dpi - minimal.psd
[2010.07.09 23:15:46 | 000,924,049 | ---- | C] () -- C:\Users\Chris\Desktop\cdtemplate-300dpi-v2.zip
[2010.07.08 20:26:10 | 093,649,256 | ---- | C] () -- C:\Users\Chris\Desktop\Die Zeit - Studienfuehrer 2010 2011(VOLUMEN).pdf
[2010.07.04 15:25:20 | 680,132,418 | ---- | C] () -- C:\Users\Chris\Desktop\Corel.VideoStudio.Pro.X3.v13.6.2.36.Multilingual.Incl.Keymaker-CORE.rar
[2010.01.17 16:47:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.24 19:48:10 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.08.24 19:26:48 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.13 02:50:52 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2009.02.13 02:50:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.02.13 02:50:52 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2009.02.13 02:50:52 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2009.02.13 02:50:04 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
< End of report >
         
...aaaaaaaaaand the Extras as well:

Code:
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0138D96D-4148-4A63-AA48-763941D6EDED}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{0D36C13C-7FB3-47DC-A2B2-30617ACF850D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{117AEC48-AE2A-48F8-BED1-6902B6AA3796}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{28DE1051-8B56-49D7-9E97-B362FF06194B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{298E364F-795A-4511-9B12-C5DDA5DB0756}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2EC72400-497D-4218-BF7D-38A207B6F9CB}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{30A7301C-E8EF-4405-A72C-76191636EE5C}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{4A2D6576-B03E-48FB-A799-69DE7533A27B}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{562414F6-0ABD-4C1D-B503-86A9D48C728B}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{57BF3C22-4919-4F0B-ADB0-34D7040A88E6}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{60FBE465-B767-4934-9B85-823098AB46D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6C979F17-A983-485F-96A2-19C032B35685}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{74365EA1-2689-42CF-84C7-C7B06642BA06}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{7D25537E-D59A-4371-8885-032222227932}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8042AF08-32BD-445D-8D6D-2DDBD5769AB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{976920C5-7F79-4D4E-A2A4-9ECFEC705925}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A028A2EE-FC5F-445A-9D9C-FA8D753AF994}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{A4F1CCE8-6E94-4691-80C9-7B6B39CF41DC}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{ADF14F6B-A0FB-4E26-9209-6190EEBB80B4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{B1F0FA51-C0AB-4427-8758-7558D0199544}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{B50FB41C-5044-4CF3-A100-7EB25E7B0913}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{BDE33658-03B4-4DA9-B084-830166DE09A8}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{C733094B-1CD1-4DB4-B21D-B0A4C318F7C2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CD21E486-81EF-4F9A-B9DC-FA29D1C75DE8}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{D2896717-02A1-43D6-A942-2FAF27A1FFD5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{DDB48B28-1925-4C24-B8BB-C9117851ED0A}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{E55755ED-9B32-49B3-A829-CE9E6DF1848D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{E7F1BB9B-127A-45FE-AEE7-5C5AE6AE6077}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{E938D2C8-7B4A-4D7F-A489-E55014671011}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{FE6AF13E-C974-43EB-9278-6605E2C489D7}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BC4E07-D8C6-4E51-B443-330292BCF5A7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{0770F749-3C86-4106-A83C-9CF3917F6AF4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{08E410E7-909F-43C6-8ECC-0271B84C7B65}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{13732659-D399-4136-A1ED-AD7993328D34}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{28207A50-785A-4784-87A7-4893D2588EFC}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{2C6ADC39-542E-45C3-BC92-E2914A107935}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{414A97AC-03CC-4F0D-8A73-C36CCA29F5C4}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{440DB6EF-1385-4025-933E-D8FE3F67DDCE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{5313AC02-12C2-4A9B-91B7-8EF37CB4279C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6448469B-9953-443E-BAC2-E2A7E261523C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{6C3C92CC-A354-4162-A1E5-814FFB63AF89}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{72337931-BB25-4479-862B-4B62A81FA72F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{79254341-656A-492F-8D0A-6027B2729A46}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{84CD8242-15EA-4FB0-9B55-F2E4FD7D236C}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{92706B80-EDBC-4D50-A265-33E2D0903717}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{9AE508E4-CCBE-4D3A-B87A-FD4B209BD07E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{9BA44346-55C4-459B-9B1E-3B62111B63C0}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AFFDB9E3-67A6-4A57-B8F6-17057CBE9112}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C0D51E5A-B202-4E67-995B-7A97DCD2BD17}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C6EB2B9D-7C37-4AF6-AAE9-0D6D7B69D082}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C8C738D8-1B7D-47F9-924F-FD3E163FCAD0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{D1761086-0A5C-476B-B053-CCF3F0119874}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{D22717E2-1953-4A56-8D3A-B12977D3C1BD}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{DBC3A10A-2423-4004-BEBC-4049B62284B9}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{DE0A2BE2-9E19-4584-A4AE-83601ECD6F66}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E2B9A895-1DFF-484F-A74D-9A649B26B079}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E84D0F18-C5D5-4AAD-821F-D9AA76C341C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E9AFDCF0-5A42-4909-847C-457985B71915}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{ED829439-83C3-4AC2-A948-C5D0BC05E34B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{223EF69D-63B6-44C6-B46C-F6B0D9651FC1}C:\program files\metin2 de\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2 de\metin2.bin | 
"TCP Query User{48E8F8C1-273B-4D6C-AE9A-DC833C1920E3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{4FDB7A7F-027D-42A4-BA87-B2AFF5D00C7F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{5994F3AF-DF8F-4A2B-8180-BDE9E3C24796}C:\users\chris\appdata\local\virtualstore\program files\realworks\metin2client.bin" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\virtualstore\program files\realworks\metin2client.bin | 
"TCP Query User{600494BC-CB7C-466E-976C-5F74E6903167}C:\users\chris\appdata\local\virtualstore\program files\realworks\metin2.bin" = protocol=6 | dir=in | app=c:\users\chris\appdata\local\virtualstore\program files\realworks\metin2.bin | 
"TCP Query User{9E3C9EA0-7D03-47B6-875D-96DB74687A57}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{B2E112F5-F5D7-45C7-BC0B-58798D4E31E7}C:\program files\realworks\metin2.bin" = protocol=6 | dir=in | app=c:\program files\realworks\metin2.bin | 
"TCP Query User{D5FD3BBD-E759-4E91-9A1C-B8E45E25B1B6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{E429B990-3DBE-46B1-AC4F-AFA88A8C7B89}C:\program files\realworks\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\realworks\metin2client.bin | 
"TCP Query User{ED05B331-7306-4A2D-BD45-EC9DFC4F269E}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{22B179EE-7A77-4349-AE0B-C10AA2711E61}C:\program files\realworks\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\realworks\metin2client.bin | 
"UDP Query User{39143638-4170-4774-ADFB-55C869FCF553}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{7AA242CD-C181-49C6-B596-4145230B1405}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{7F9DDEF0-BDED-4B5C-B4B7-46466A7382D3}C:\program files\realworks\metin2.bin" = protocol=17 | dir=in | app=c:\program files\realworks\metin2.bin | 
"UDP Query User{A97448DA-C397-474A-B109-06FE0BD5FD57}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{B6774D48-4271-4C9C-998E-3C136412EF3C}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{B87F8333-7EBD-4C4E-A076-119F8F88B782}C:\users\chris\appdata\local\virtualstore\program files\realworks\metin2.bin" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\virtualstore\program files\realworks\metin2.bin | 
"UDP Query User{C086AB2C-CD51-4039-AA8E-28BB3CABCD21}C:\program files\metin2 de\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2 de\metin2.bin | 
"UDP Query User{D4E6D801-F83C-4752-9DF1-5084E22691B7}C:\users\chris\appdata\local\virtualstore\program files\realworks\metin2client.bin" = protocol=17 | dir=in | app=c:\users\chris\appdata\local\virtualstore\program files\realworks\metin2client.bin | 
"UDP Query User{FD0C5D30-1802-4E3A-B3E1-2DEF0AA062E5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.443
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  1.12
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Cultures - Die Entdeckung Vinlands" = Cultures - Die Entdeckung Vinlands
"eMule" = eMule
"Flatcast_is1" = Flatcast Viewer Plugin 5.0.356
"Free Audio Converter_is1" = Free Audio Converter version 1.2
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"IsoBuster_is1" = IsoBuster 2.7
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"Vampirsagа - Büchse der Pandora" = Vampirsagа - Büchse der Pandora
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2010 19:36:56 | Computer Name = Chris-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 23.06.2010 07:04:24 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.180.7, Zeitstempel 0x4b2aa6d3,
 fehlerhaftes Modul java.dll, Version 6.0.180.7, Zeitstempel 0x4b2ad748, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x1a04, Anwendungsstartzeit 01cb12c3cfb37b40.
 
Error - 24.06.2010 11:46:23 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918c97, fehlerhaftes Modul nvd3dum.dll, Version 8.15.11.8624, Zeitstempel 0x4a4102c3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00396d33,  Prozess-ID 0x578, Anwendungsstartzeit
 01cb0dabe7b49fcf.
 
Error - 26.06.2010 05:36:24 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918c97, fehlerhaftes Modul nvd3dum.dll, Version 8.15.11.8624, Zeitstempel 0x4a4102c3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00396d33,  Prozess-ID 0x1380, Anwendungsstartzeit
 01cb13b4679d8a90.
 
Error - 30.06.2010 02:40:12 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.180.7, Zeitstempel 0x4b2aa6d3,
 fehlerhaftes Modul java.dll, Version 6.0.180.7, Zeitstempel 0x4b2ad748, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x1950, Anwendungsstartzeit 01cb181f14906010.
 
Error - 04.07.2010 04:28:30 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.07.2010 04:34:36 | Computer Name = Chris-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 04.07.2010 04:34:36 | Computer Name = Chris-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 04.07.2010 04:34:36 | Computer Name = Chris-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 07.07.2010 02:04:46 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.180.7, Zeitstempel 0x4b2aa6d3,
 fehlerhaftes Modul java.dll, Version 6.0.180.7, Zeitstempel 0x4b2ad748, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x934, Anwendungsstartzeit 01cb1d9a4c577440.
 
[ System Events ]
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 04:41:17 | Computer Name = Chris-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 01.08.2010 15:07:55 | Computer Name = Chris-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 01.08.2010 15:08:26 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.08.2010 16:03:50 | Computer Name = Chris-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
 
< End of report >
         
Thanks in advance for any help.

Regards,
Flare

03.08.2010, 11:35   #2
Larusso
/// Selecta Jahrusso
 
A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Explain to me what this is?
[2010.07.04 15:25:20 | 680,132,418 | ---- | C] () -- C:\Users\Chris\Desktop\Corel.VideoStudio.Pro.X3.v13.6.2.36.Multilingual.Incl.Keymaker-CORE.rar

09.08.2010, 12:38   #3
Larusso
/// Selecta Jahrusso
 
No response

This topic has been removed from my subscriptions. So I will not get any notification about new replies.

PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please open your own thread.