Avira detections =( HTML/Infected.WebPage.Gen2 and more =(

17.08.2010, 21:38 | #1
Avira detections =( HTML/Infected.WebPage.Gen2 and more =(

Evening folks, I really messed up. I found the tower defense game Robo Defense (or something like that) on my HTC smartphone, wanted it for my Vista laptop as well, and carelessly ran a download. After that my system was badly slow for a while, with detection alerts from Avira popping up again and again; at times only the upper left quarter of my Firefox window was drawn (the rest was white), and over the last week I've gotten into the habit of running a full scan almost daily. Avira's detection alerts have basically stopped now, but how do I get the junk out of Avira's quarantine? I can't imagine that simply deleting the files in Windows is enough, or is it? Besides, you do want to be sure the system is reasonably clean.

System info:

OS Name: Microsoft® Windows Vista™ Home Premium
Version: 6.0.6001 Service Pack 1 Build 6001
Other OS Description: Not Available
OS Manufacturer: Microsoft Corporation
System Name: ******
System Manufacturer: Acer
System Model: Aspire 5739G
System Type: X86-based PC
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz, 2000 MHz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date: Phoenix V0.3214, 13.05.2009
SMBIOS Version: 2.5
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume2
Locale: Germany
Hardware Abstraction Layer: Version = "6.0.6001.22216"
User Name: **********
Time Zone: Central European Summer Time
Installed Physical Memory (RAM): 4.00 GB
Total Physical Memory: 2.96 GB
Available Physical Memory: 1.33 GB
Total Virtual Memory: 6.13 GB
Available Virtual Memory: 4.40 GB
Page File Space: 3.26 GB
Page File: C:\pagefile.sys

Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4440
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
17.08.2010 22:07:33
mbam-log-2010-08-17 (22-07-33).txt
Scan type: Quick scan
Objects scanned: 133283
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

RSIT log.txt:
Logfile of random's system information tool 1.08
(written by random/random)
Run by ******* at 2010-08-17 22:14:07
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 16 GB (32%) free of 50 GB
Total RAM: 3036 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:14:16, on 17.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VimiMagic\vicamon.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\*******\AppData\Local\Temp\Password.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\*******\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\*******.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMMON] "C:\Program Files\VimiMagic\Vicamon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Password.lnk = C:\Users\******\AppData\Local\Temp\Password.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 9060 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2008-12-02 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-03-26 345384]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-04-22 7420448]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-03-05 805384]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-04-15 440864]
"VitaKeyPdtWzd"=C:\Program Files\Acer Bio Protection\PdtWzd.exe [2009-03-25 3560448]
"PLFSetI"=C:\Windows\PLFSetI.exe [2009-07-29 200704]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-04-22 1833504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"IMMON"=C:\Program Files\VimiMagic\Vicamon.exe [2008-12-25 143360]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-23 13793824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Password.lnk - C:\Users\******\AppData\Local\Temp\Password.exe

C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Orion.lnk - C:\Program Files\Convesoft\Orion\Messenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\spba]
C:\Program Files\Common Files\SPBA\homefus2.dll [2008-09-16 568072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=C:\Program Files\Acer Bio Protection\PwdFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-17 22:14:08 ----D---- C:\Program Files\trend micro
2010-08-17 22:14:07 ----D---- C:\rsit
2010-08-17 22:07:48 ----A---- C:\Windows\system32\drivers\fltrcsl.sys
2010-08-17 21:58:58 ----D---- C:\Users\*******\AppData\Roaming\Malwarebytes
2010-08-17 21:58:48 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-17 21:58:47 ----D---- C:\ProgramData\Malwarebytes
2010-08-17 21:58:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-17 21:58:46 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-12 16:32:10 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 16:32:05 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 16:32:04 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\occache.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\mstime.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\iertutil.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\ieencode.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-12 16:32:03 ----A---- C:\Windows\system32\ieaksie.dll
2010-08-12 16:32:02 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-12 16:31:57 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 16:31:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 16:31:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 16:31:46 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 16:31:43 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 16:31:40 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 16:31:37 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 16:31:37 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 16:31:34 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-12 15:32:49 ----D---- C:\Program Files\Common Files\Java
2010-08-12 15:32:39 ----A---- C:\Windows\system32\javaws.exe
2010-08-12 15:32:39 ----A---- C:\Windows\system32\javaw.exe
2010-08-12 15:32:39 ----A---- C:\Windows\system32\java.exe
2010-08-02 20:23:37 ----A---- C:\Windows\system32\shell32.dll
2010-07-20 11:56:11 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-08-17 22:14:16 ----D---- C:\Windows\Prefetch
2010-08-17 22:14:10 ----D---- C:\Windows\Temp
2010-08-17 22:14:08 ----RD---- C:\Program Files
2010-08-17 22:07:48 ----RSD---- C:\Windows\Media
2010-08-17 22:07:48 ----D---- C:\Windows\system32\drivers
2010-08-17 22:07:33 ----D---- C:\Windows\Tasks
2010-08-17 22:03:52 ----D---- C:\Users\*\AppData\Roaming\ICQ
2010-08-17 21:58:47 ----HD---- C:\ProgramData
2010-08-17 21:47:27 ----D---- C:\Windows\Debug
2010-08-17 21:47:27 ----D---- C:\Windows
2010-08-17 21:43:15 ----D---- C:\Program Files\CCleaner
2010-08-17 17:55:56 ----SHD---- C:\System Volume Information
2010-08-16 19:44:18 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-08-16 19:09:29 ----D---- C:\Users\****\AppData\Roaming\skypePM
2010-08-16 14:45:59 ----D---- C:\Windows\System32
2010-08-16 14:45:59 ----D---- C:\Windows\inf
2010-08-16 14:45:59 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-13 10:38:50 ----D---- C:\Windows\Microsoft.NET
2010-08-13 10:38:23 ----RSD---- C:\Windows\assembly
2010-08-12 23:44:25 ----D---- C:\Windows\winsxs
2010-08-12 23:29:49 ----D---- C:\Program Files\Movie Maker
2010-08-12 23:29:49 ----D---- C:\Program Files\Internet Explorer
2010-08-12 19:48:09 ----SHD---- C:\Windows\Installer
2010-08-12 19:45:50 ----D---- C:\Windows\system32\catroot
2010-08-12 19:45:18 ----D---- C:\Program Files\Windows Mail
2010-08-12 16:31:24 ----D---- C:\Windows\system32\catroot2
2010-08-12 15:32:49 ----D---- C:\Program Files\Common Files
2010-08-12 15:32:34 ----D---- C:\Program Files\Java
2010-08-12 11:52:49 ----D---- C:\Program Files\ICQ7.2
2010-08-08 21:25:17 ----D---- C:\Windows\system32\Tasks
2010-08-05 18:55:50 ----D---- C:\Users\****\AppData\Roaming\vlc
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-29 00:03:23 ----D---- C:\Program Files\Mozilla Firefox
2010-07-19 00:30:03 ----D---- C:\Users\****\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AlfaFF;AlfaFF; C:\Windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-07 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-11-11 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-11-11 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-11-11 59952]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-12 69632]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-01-21 1204128]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-04-22 2362784]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C60x86.sys [2009-04-07 50176]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-03-23 4232704]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-25 15360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-07-02 64032]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-02 9774880]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2008-09-16 50704]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
S0 heirtvcf;heirtvcf; C:\Windows\System32\drivers\fltrcsl.sys [2010-08-17 54016]
S0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
S3 ajvmktlw;ajvmktlw; C:\Windows\system32\drivers\ajvmktlw.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-02-06 23040]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-02-06 507392]
S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-02-06 30208]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2009-04-20 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-04-20 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-20 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-04-20 17056]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-17 149504]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-02-06 62464]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USB_RNDIS;SA USB RNDIS Cable Modem Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2008-01-21 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-16 41472]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-01-21 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-26 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
R2 IGBASVC;EgisTec Service; C:\Program Files\Acer Bio Protection\BASVC.exe [2009-03-25 3444224]
R2 LicCtrlService;LicCtrl Service; C:\Windows\runservice.exe [2010-01-07 2560]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-03-26 305448]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-23 211488]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

RSIT info.txt:
logfile of random's system information tool 1.08
2010-08-17 22:14:19

======Uninstall list======

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Bio Protection-->"C:\Program Files\InstallShield Installation Information\{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}\setup.exe" -runfromtemp -l0x0407 -removeonly
Acer Crystal Eye webcam Ver:1.1.79.326-->C:\Program Files\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer PowerSmart Manager-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer Product Registration-->"C:\Program Files\InstallShield Installation Information\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Agere Systems HDA Modem-->C:\Windows\agrsmdel
AmoK Exif Sorter 2.5.6 (nur deinstallieren)-->"C:\bilder umbenennen\AmoK Exif Sorter\uninst.exe"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0007 -removeonly
Audiograbber 1.83 SE -->"C:\Program Files\Audiograbber\Uninstall.exe"
Audiograbber Lame-MP3-Plugin-->"C:\Program Files\Audiograbber\Lame-Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Components Setup-->C:\Program Files\InstallShield Installation Information\{31187E06-E131-4709-9285-7D105D77AA89}\setup.exe -runfromtemp -l0x0009
Fingerprint Solution-->MsiExec.exe /X{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MusicBrainz Picard-->G:\MusicBrainz Picard\uninst.exe
MyWinLocker-->MsiExec.exe /X{68301905-2DEA-41CE-A4D4-E8B443B099BA}
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{F04CAFE3-D52F-4EFC-A1E8-316BD4C525D6}\setup.exe" -removeonly
Nuvoton CIR Device Drivers-->MsiExec.exe /I{A20B067C-8A58-44BF-9FC7-11E92D916AD2}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
QuickStores-Toolbar 1.0.0-->"C:\Users\*****\AppData\Roaming\QuickStoresToolbar\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0007 -removeonly
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SPBA 5.8-->MsiExec.exe /I{ECCD28B2-8798-4D16-8126-625D728294A1}
SpeedRename-->MsiExec.exe /I{940CD260-FF12-435B-9B05-D43DC9AEBBC8}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
videopower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0678EDA2-DA4D-453D-8EAE-F794797A7C1C}\Setup.exe" -l0x9
VimiMagic-->C:\Program Files\InstallShield Installation Information\{2969CB97-DF91-4752-BE47-8A73AE810E6C}\setup.exe
-runfromtemp -l0x0009 -removeonly VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E} Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} XnView 1.97.6-->"C:\bilder umbenennen\XnView\unins000.exe" ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: ********** Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 132299 Source Name: Service Control Manager Time Written: 20100817194031.000000-000 Event Type: Informationen User: Computer Name: ********** Event Code: 1103 Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden. Record Number: 132300 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20100817194537.000000-000 Event Type: Informationen User: Computer Name: ********** Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 132301 Source Name: Service Control Manager Time Written: 20100817195426.000000-000 Event Type: Informationen User: Computer Name: ********** Event Code: 3004 Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. 
Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: Nicht zutreffend Scan-ID: {3EEFF68E-6273-41E1-87A5-A1B53DA7A481} Benutzer: **********\***** Name: Unknown ID: Schweregrad-ID: Kategorie-ID: Gefundener Pfad: regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\heirtvcf;file:C:\Windows\system32\drivers\fltrcsl.sys Warnungsart: Nicht klassifizierte Software Feststellungstyp: Record Number: 132302 Source Name: Microsoft-Windows-Windows Defender Time Written: 20100817200751.000000-000 Event Type: Warnung User: Computer Name: ********** Event Code: 3005 Message: Zum Schutz dieses Computers vor Spyware und möglicherweise unerwünschter Software wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen. 
Weitere Informationen finden Sie hier: Nicht zutreffend Scan-ID: {3EEFF68E-6273-41E1-87A5-A1B53DA7A481} Benutzer: **********\***** Name: Unknown ID: Schweregrad-ID: Kategorie-ID: Warnungsart: Nicht klassifizierte Software Aktion: Ignorieren Record Number: 132303 Source Name: Microsoft-Windows-Windows Defender Time Written: 20100817200751.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: ********** Event Code: 100 Message: Task Scheduling Error: m->NextScheduledSPRetry 4478 Record Number: 23223 Source Name: Bonjour Service Time Written: 20100817151108.000000-000 Event Type: Fehler User: Computer Name: ********** Event Code: 100 Message: Task Scheduling Error: Continuously busy for more than a second Record Number: 23224 Source Name: Bonjour Service Time Written: 20100817151109.000000-000 Event Type: Fehler User: Computer Name: ********** Event Code: 100 Message: Task Scheduling Error: m->NextScheduledEvent 5507 Record Number: 23225 Source Name: Bonjour Service Time Written: 20100817151109.000000-000 Event Type: Fehler User: Computer Name: ********** Event Code: 100 Message: Task Scheduling Error: m->NextScheduledSPRetry 5507 Record Number: 23226 Source Name: Bonjour Service Time Written: 20100817151109.000000-000 Event Type: Fehler User: Computer Name: ********** Event Code: 508 Message: Windows (2348) Windows: Eine Anforderung, in die Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" ab Offset 7143424 (0x00000000006d0000) insgesamt 8192 (0x00002000) Bytes zu schreiben, war erfolgreich, benötigte aber ungewöhnlich viel Zeit (720 Sekunden) von Seiten des Betriebssystems. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller. 
Record Number: 23227 Source Name: ESENT Time Written: 20100817152310.000000-000 Event Type: Warnung User: =====Security event log===== Computer Name: ********** Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 31812 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100817201415.840600-000 Event Type: Überwachung gescheitert User: Computer Name: ********** Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 31813 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100817201415.949800-000 Event Type: Überwachung gescheitert User: Computer Name: ********** Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 31814 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100817201416.043400-000 Event Type: Überwachung gescheitert User: Computer Name: ********** Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. 
Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 31815 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100817201416.152600-000 Event Type: Überwachung gescheitert User: Computer Name: ********** Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 31816 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100817201416.261800-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\EgisTec\MyWinLocker 3\x86;C:\Program Files\EgisTec\MyWinLocker 3\x64 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=1706 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "asl.log"=Destination=file;OnFirstLog=command,environment "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\EgisTec\MyWinLocker 3\x86;C:\Program Files\EgisTec\MyWinLocker 3\x64 -----------------EOF----------------- |
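Two record types in the dump above deserve more than a glance: the Windows Defender 3004/3005 pair (a service key `heirtvcf` pointing at `C:\Windows\system32\drivers\fltrcsl.sys` was registered as "unclassified software" and the action taken was "Ignore"), and the five Security-log 5038 audit failures a few minutes later, where Code Integrity reports that the image hash of `tcpip.sys` is no longer valid. The script below is an added example, not part of the original post and not code from RSIT, OTL or Avira. It parses the flattened record layout that the dump uses, pulls the service key and driver path out of 3004 records, flags 3005 records whose action was "Ignore", collects the file named in 5038 records, lists the on-disk paths that need a signature or hash check, and pairs each unclassified driver registration with the hash failures that follow it inside a time window. The sample records are constructed from the entries in the post; the computer name `LAPTOP`, the shortened message bodies and the one-hour window are assumptions. The field labels it matches are the German ones the Vista box emitted plus their English equivalents.

```python
"""Triage a flattened Windows event-log dump for driver-integrity indicators (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout the dump above uses: records run together, each
# "Computer Name: ... Event Code: ... Message: ... Record Number: ... Source Name: ...
# Time Written: ... Event Type: ... User:". Contents mirror the records in the post;
# "LAPTOP" and the shortened German message texts are assumptions.
SAMPLE_DUMP = r"""Computer Name: LAPTOP Event Code: 3004 Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Gefundener Pfad: regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\heirtvcf;file:C:\Windows\system32\drivers\fltrcsl.sys Warnungsart: Nicht klassifizierte Software Feststellungstyp: Record Number: 132302 Source Name: Microsoft-Windows-Windows Defender Time Written: 20100817200751.000000-000 Event Type: Warnung User: Computer Name: LAPTOP Event Code: 3005 Message: Zum Schutz dieses Computers wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen. Warnungsart: Nicht klassifizierte Software Aktion: Ignorieren Record Number: 132303 Source Name: Microsoft-Windows-Windows Defender Time Written: 20100817200751.000000-000 Event Type: Informationen User: Computer Name: LAPTOP Event Code: 5038 Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Dateiname: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys Record Number: 31812 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100817201415.840600-000 Event Type: Überwachung gescheitert User: Computer Name: LAPTOP Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 132299 Source Name: Service Control Manager Time Written: 20100817194031.000000-000 Event Type: Informationen User:"""

# One record; lazy groups stop at the next fixed label, so multi-word fields survive.
RECORD_RE = re.compile(
    r"Computer Name:\s*(?P<computer>\S+)\s+Event Code:\s*(?P<code>\d+)\s+"
    r"Message:\s*(?P<message>.*?)\s*Record Number:\s*(?P<record>\d+)\s+"
    r"Source Name:\s*(?P<source>.*?)\s+Time Written:\s*(?P<time>\S+)\s+"
    r"Event Type:\s*(?P<etype>.*?)\s+User:",
    re.DOTALL,
)
DETECTION_RE = re.compile(r"regkey:(?P<key>[^;\s]+);file:(?P<file>\S+)")  # Defender 3004 "Path found"
ACTION_RE = re.compile(r"(?:Aktion|Action):\s*(?P<action>\S+)")          # Defender 3005 action taken
CI_FILE_RE = re.compile(r"(?:Dateiname|File Name):\s*(?P<file>\S+)")     # Code Integrity 5038 file
IGNORED = {"ignorieren", "ignore"}


@dataclass(frozen=True)
class Finding:
    record: int
    code: int
    when: datetime
    kind: str    # driver_registered | defender_ignored | image_hash_invalid
    detail: str  # "service key -> driver path", the action, or the file that failed its hash check


def parse_wmi_time(stamp: str) -> datetime:
    """WMI 'yyyymmddHHMMSS.ffffff-UUU' -> naive datetime; the offset is dropped (one clock for all records)."""
    return datetime.strptime(stamp[:14], "%Y%m%d%H%M%S")


def triage(dump: str) -> list[Finding]:
    """Keep only records that name a kernel driver or show a protective action being skipped."""
    findings: list[Finding] = []
    for m in RECORD_RE.finditer(dump):
        code, msg = int(m["code"]), m["message"]
        rec, when = int(m["record"]), parse_wmi_time(m["time"])
        if code == 3004 and (d := DETECTION_RE.search(msg)):
            findings.append(Finding(rec, code, when, "driver_registered", f"{d['key']} -> {d['file']}"))
        elif code == 3005 and (a := ACTION_RE.search(msg)) and a["action"].lower() in IGNORED:
            findings.append(Finding(rec, code, when, "defender_ignored", a["action"]))
        elif code == 5038 and (f := CI_FILE_RE.search(msg)):
            findings.append(Finding(rec, code, when, "image_hash_invalid", f["file"]))
    return findings


def files_to_verify(findings: list[Finding]) -> set[str]:
    """Distinct on-disk paths whose signature/hash should be checked from clean boot media (case-folded)."""
    paths: set[str] = set()
    for f in findings:
        if f.kind == "driver_registered":
            paths.add(f.detail.split(" -> ", 1)[1].lower())
        elif f.kind == "image_hash_invalid":
            paths.add(f.detail.lower())
    return paths


def correlate(findings: list[Finding], window_seconds: int = 3600) -> list[tuple[str, str, int]]:
    """Pair each unclassified driver registration with hash failures that follow it within the window."""
    regs = [f for f in findings if f.kind == "driver_registered"]
    fails = [f for f in findings if f.kind == "image_hash_invalid"]
    pairs: list[tuple[str, str, int]] = []
    for r in regs:
        for f in fails:
            gap = int((f.when - r.when).total_seconds())
            if 0 <= gap <= window_seconds:
                pairs.append((r.detail, f.detail, gap))
    return pairs


if __name__ == "__main__":
    found = triage(SAMPLE_DUMP)
    for f in found:
        print(f"{f.when:%H:%M:%S} rec {f.record} evt {f.code} {f.kind}: {f.detail}")
    print("verify offline:", sorted(files_to_verify(found)))
    print("registration -> hash failure:", correlate(found))
```

On the sample this yields one registration (`heirtvcf -> fltrcsl.sys`), one ignored Defender action, and one hash failure for `tcpip.sys` 384 seconds after the registration; the 7036 service-control record is correctly skipped. The paths it lists are candidates for verification, not a verdict: a file that Code Integrity refuses should be compared against a known-good copy or its Authenticode signature from a clean boot medium, because a kernel driver that has already modified `tcpip.sys` can equally well lie to user-mode tools run on the live system. That is also why the helper in the next post asks for tool logs rather than taking Avira's now-silent quarantine as proof of a clean box.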
18.08.2010, 11:44 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira findings =( HTML/Infected.WebPage.Gen2 and others =( Hello and
A clean-up can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A format is usually the quicker and always the safest way. If you decide on a clean-up, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with right-click "Run as administrator".

Please routinely do a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan!

After that, OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
|
18.08.2010, 14:18 | #3 |
| Avira findings =( HTML/Infected.WebPage.Gen2 and others =( Morning Arne,
Thanks a thousand times already for your help; I'll get on it right away, and as long as it works I prefer cleaning to reinstalling. So, here is the Malwarebytes log first:

Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4445
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

18.08.2010 16:30:01
mbam-log-2010-08-18 (16-30-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 267492
Time elapsed: 1 hour(s), 12 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Regarding OTL: I also ticked "LOP and Purity check"; hopefully I didn't do anything wrong there, but that is how it was described in the OTL thread.

OTL Logfile:
Code:
OTL logfile created on: 18.08.2010 16:40:01 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\*******\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,51 Gb Free Space | 31,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: *******
Current User Name: *******
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\Runservice.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\VimiMagic\vicamon.exe (Vimisoft Studio)
PRC - C:\Users\*******\AppData\Local\Temp\Password.exe (Freecom)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LicCtrlService) -- C:\Windows\Runservice.exe ()
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iaStor) -- C:\Windows\System32\DRIVERS\iaStor.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://gmx.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.29 00:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.29 00:03:23 | 000,000,000 | ---D | M]

[2009.09.30 11:35:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2010.08.17 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions
[2010.02.06 01:21:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.07.10 19:56:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.01 16:58:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.17 16:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.20 11:56:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.26 05:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.12 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.28 19:18:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.28 19:18:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.28 19:18:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.28 19:18:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.28 19:18:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [IMMON] C:\Program Files\VimiMagic\Vicamon.exe (Vimisoft Studio)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 80.69.100.206
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 -
Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell - "" = AutoRun O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe O33 - MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\Shell - "" = AutoRun O33 - MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = H:\Password.exe -- File not found O33 - MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\Shell - "" = AutoRun O33 - MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe 
-- File not found O33 - MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe -- File not found O33 - MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe -- File not found O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.18 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\system reinigen [2010.08.18 15:15:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.08.17 22:14:08 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.17 22:14:07 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.17 21:58:58 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes [2010.08.17 21:58:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.17 21:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.17 21:58:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.17 21:58:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 19:01:41 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\MSN [2010.08.12 16:32:10 | 000,081,920 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.12 16:32:03 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.12 16:32:03 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.12 16:32:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.08.12 16:32:03 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.12 16:32:03 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.08.12 16:32:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.12 16:32:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.12 16:32:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.12 16:32:02 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.12 16:32:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.12 16:31:49 | 003,600,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.12 16:31:49 | 003,548,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.12 16:31:46 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.12 16:31:43 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.12 15:32:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.08.12 15:32:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.12 15:32:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.12 15:32:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.08.11 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\*******\DoctorWeb [2010.07.20 11:56:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2009.05.22 09:03:24 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.08.18 16:40:17 | 002,359,296 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT [2010.08.18 15:37:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 15:37:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 15:15:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.08.18 11:44:01 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.18 11:44:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.18 11:44:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.18 11:44:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.18 11:44:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.18 11:37:53 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.08.18 11:37:50 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.08.18 11:37:34 | 000,001,369 | -HS- | M] () -- C:\Windows\System32\mmf.sys [2010.08.18 11:37:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.18 11:37:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.18 02:58:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.18 02:58:15 | 000,524,288 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.18 02:58:15 | 000,065,536 | -HS- | M] () -- 
C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.18 02:58:03 | 003,663,399 | -H-- | M] () -- C:\Users\*******\AppData\Local\IconCache.db [2010.08.17 22:11:19 | 000,339,991 | ---- | M] () -- C:\Users\*******\Desktop\RSIT.exe [2010.08.17 21:51:28 | 000,005,304 | ---- | M] () -- C:\Users\*******\Documents\cc_20100817_215121.reg [2010.08.17 21:51:02 | 000,077,836 | ---- | M] () -- C:\Users\*******\Documents\cc_20100817_215042.reg [2010.08.17 21:43:15 | 000,000,808 | ---- | M] () -- C:\Users\*******\Desktop\CCleaner.lnk [2010.08.13 01:36:00 | 000,139,264 | ---- | M] () -- C:\Users\*******\Desktop\Time to go.xls [2010.08.12 23:33:38 | 000,293,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.20 23:24:24 | 000,360,033 | ---- | M] () -- C:\Users\*******\Desktop\boss approval 2.jpg [2010.07.20 23:22:59 | 000,362,717 | ---- | M] () -- C:\Users\*******\Desktop\boss approval 1.jpg [2010.07.19 21:47:53 | 000,001,748 | ---- | M] () -- C:\Users\*******\Desktop\Trillian.lnk ========== Files Created - No Company Name ========== [2010.08.17 22:11:18 | 000,339,991 | ---- | C] () -- C:\Users\*******\Desktop\RSIT.exe [2010.08.17 21:51:22 | 000,005,304 | ---- | C] () -- C:\Users\*******\Documents\cc_20100817_215121.reg [2010.08.17 21:50:49 | 000,077,836 | ---- | C] () -- C:\Users\*******\Documents\cc_20100817_215042.reg [2010.07.20 23:24:24 | 000,360,033 | ---- | C] () -- C:\Users\*******\Desktop\boss approval 2.jpg [2010.07.20 23:22:59 | 000,362,717 | ---- | C] () -- C:\Users\*******\Desktop\boss approval 1.jpg [2010.07.11 14:18:01 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log [2010.07.11 14:05:41 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.07.11 14:05:31 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.05.27 19:55:57 | 000,059,904 | ---- | C] () -- C:\Windows\System32\ZLIB1.DLL [2010.05.11 16:55:14 | 000,000,680 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat [2010.04.30 02:29:28 
| 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.07 23:12:46 | 000,000,598 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.09 18:59:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.13 16:34:21 | 000,001,369 | -HS- | C] () -- C:\Windows\System32\mmf.sys [2010.01.07 21:24:36 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll [2009.10.27 22:52:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.26 11:04:41 | 000,026,624 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.11 21:32:56 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.02 21:29:56 | 000,000,029 | ---- | C] () -- C:\Windows\Battle.ini [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.29 16:47:06 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.29 16:42:17 | 000,007,074 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009.11.03 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer [2009.05.22 01:49:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer GameZone Console [2010.04.30 02:29:46 | 000,000,000 | ---D | M] -- 
C:\Users\*******\AppData\Roaming\Canneverbe Limited [2009.10.11 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2009.09.29 19:20:02 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\eSobi [2010.01.09 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GetRightToGo [2010.08.18 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ [2010.01.04 19:14:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView [2010.02.27 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\iWin [2010.04.04 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\MusicBrainz [2010.05.14 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\QuickStoresToolbar [2009.10.01 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\SoftDMA [2010.05.06 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\uTorrent [2010.06.25 01:05:20 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vimisoft Studio [2010.06.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\XnView [2010.08.18 02:58:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 113 bytes -> 
C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F < End of report > -----------------------------------------------------------------------------OTL Logfile: Code:
OTL Extras logfile created on: 18.08.2010 16:40:01 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\********\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 15,51 Gb Free Space | 31,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ******** Current User Name: ******** Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093BD766-9ABE-48C9-8B2D-E5D83F710A53}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1A86D812-0D5B-4366-BAB9-2BA5E94B39F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B75C6B0-F522-4FEA-B62F-7E4E3A39F897}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1F2B1B0C-E75D-4C54-9F37-D055D0D71709}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{633FF4D0-8A72-441D-8BEC-AE42BBE5E3D7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{73AE7F13-78D5-4E4F-95CE-826259076F66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EFEA7BE-379E-45FE-8023-3D7B7F5E680B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9642A5E7-8D99-4FC1-9092-BA18A2D3C75F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4C80E99-8EF8-497E-9A08-7C396C9FE375}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE0B4D45-4C61-49D6-A593-23684E2C3AD0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE3462F-0F00-4572-9568-9D73EA36FB9F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0D6A6283-27FC-44DB-845F-956552E21A13}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{14EE7DB1-6F08-4D4F-855D-7445CAE1245F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{203C29C6-E582-4796-8E69-6A027BB1B309}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{39108BDB-E88A-4329-B1F0-47ED66934B2E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3C901E7B-89CE-40A1-A695-B78A6C76C22A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{436BCAF5-42B4-4F60-A0E2-F93CAAF441E1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4596D15B-02ED-4C1A-991C-AC49A7929459}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{4C3E6150-6D91-417B-B6A0-3435677B0326}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{4D741BEC-4A87-466B-8AD1-8633797BCE5E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{562718D0-702B-4284-B20B-188786E55B50}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{71DF64EF-1C2B-4433-BBD1-CF9DA57D0D57}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{75715970-0D00-4EC6-9359-7E2176380BD1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{77BB7A81-FE43-4BA4-8284-06B48EF03C0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7B8A714C-CABF-4373-B6CE-CAE958CAD087}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7E7EB961-6638-444A-AF60-22DDEC0A5B67}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9A451472-5B50-47DC-A5C7-FAFB8BBD5496}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{A4DED2DB-D8E1-4961-9CDE-7F0136997200}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5D47474-3664-4A73-A76B-AA20A359C1F8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B58BEE7D-B5C4-4ECE-8D90-AA2D219CE1B7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B8138701-945B-45E0-8AF6-B906D69C2A90}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C03C9B73-F562-4873-8DF1-80A89CE2EA2B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C34796CB-D65F-4C5D-9BCD-8FE4C1C237B7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D5C04779-BE66-4A4A-9F6A-8912520A7799}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9353327-2941-4EB5-B0AB-E3D86FF9C552}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DE328C54-B259-4C11-B13B-39006283A51A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EA71889C-9DDD-49C1-B196-6A9B1E936B70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB2A20C1-792A-4BDB-B85E-4E27E1285955}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{02D3EC64-4D09-4417-841F-0C9A844C16CA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{058A75EB-9E4A-4187-A420-B0A41BFC5833}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{2D7B845A-7880-43CE-9649-36B5EA853AE0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{484CCEEB-39BC-438B-9C6E-06FB5D2CF0DD}E:\program files\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=e:\program files\eidos\battlestations pacific\bsp.exe |
"TCP Query User{5C3F4C3D-7B6F-4290-9CE1-376D758B0087}G:\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=g:\musicbrainz picard\picard.exe |
"TCP Query User{77978591-0DB8-455F-9A09-8307A8FB3579}C:\program files\battlefront\theatre of war\tow.exe" = protocol=6 | dir=in | app=c:\program files\battlefront\theatre of war\tow.exe |
"TCP Query User{8393AFA6-A287-4FD5-8008-5AC0D04D4C29}C:\program files\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=c:\program files\eidos\battlestations pacific\bsp.exe |
"TCP Query User{B0A09E4F-6640-4DF8-9552-391EB3DD7E27}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe |
"TCP Query User{C9E353A0-C618-4012-863F-8842D552C89B}F:\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\skype\phone\skype.exe |
"TCP Query User{E28E6847-ADE1-461D-AFB7-34923F054224}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{EE63DA2B-7F0B-495D-A159-161504DF755B}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{1139C839-06CA-43CC-89F3-1AEE13D7AB42}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{15135AB3-1203-4E3C-81EE-8536E828A7AC}F:\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\skype\phone\skype.exe |
"UDP Query User{2C4D7468-D9A3-4AEF-AFA8-90835A1F6CB8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{4D9C3473-211B-4845-89C3-21B581B881E0}G:\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=g:\musicbrainz picard\picard.exe |
"UDP Query User{5DAAC34F-5177-45B1-B193-85C913C08B2A}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe |
"UDP Query User{7428F3DD-B5D7-49BB-BB83-713B83BB31B6}C:\program files\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=c:\program files\eidos\battlestations pacific\bsp.exe |
"UDP Query User{918FCB43-D0BD-428D-B372-448A07E67F09}E:\program files\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=e:\program files\eidos\battlestations pacific\bsp.exe |
"UDP Query User{BDA62ED6-7D80-469D-BF8F-A24A98B97883}C:\program files\battlefront\theatre of war\tow.exe" = protocol=17 | dir=in | app=c:\program files\battlefront\theatre of war\tow.exe |
"UDP Query User{CC604AD7-9085-4758-B89C-F3FD8901DFAF}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{EB82E8D3-CDC8-4EF8-88FC-36769E1A3077}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{F09D8FD6-4A00-4BC6-866C-B4B7F9C5BBA2}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0678EDA2-DA4D-453D-8EAE-F794797A7C1C}" = videopower
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2969CB97-DF91-4752-BE47-8A73AE810E6C}" = VimiMagic
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31187E06-E131-4709-9285-7D105D77AA89}" = Components Setup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{940CD260-FF12-435B-9B05-D43DC9AEBBC8}" = SpeedRename
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A20B067C-8A58-44BF-9FC7-11E92D916AD2}" = Nuvoton CIR Device Drivers
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}" = Components Setup
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F04CAFE3-D52F-4EFC-A1E8-316BD4C525D6}" = NTI Shadow
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"GridVista" = Acer GridVista
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MusicBrainz Picard" = MusicBrainz Picard
"NVIDIA Drivers" = NVIDIA Drivers
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Trillian" = Trillian
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.97.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.07.2010 16:05:56 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 27.07.2010 16:07:08 | Computer Name = ******** | Source = WinMgmt | ID = 10
Description =

Error - 27.07.2010 16:11:12 | Computer Name = ******** | Source = SPP | ID = 16387
Description =

Error - 27.07.2010 16:11:12 | Computer Name = ******** | Source = System Restore | ID = 8193
Description =

Error - 28.07.2010 18:03:04 | Computer Name = ******** | Source = WinMgmt | ID = 10
Description =

Error - 28.07.2010 18:03:06 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28.07.2010 18:03:06 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 14:45:22 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 14:45:22 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29.07.2010 14:45:24 | Computer Name = ******** | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 16.08.2010 08:39:18 | Computer Name = ******** | Source = Service Control Manager | ID = 7026
Description =

Error - 17.08.2010 04:52:15 | Computer Name = ******** | Source = ipnathlp | ID = 31004
Description = 0 Bytes
of memory could not be allocated by the DNS proxy agent. Either there is not enough memory available or an internal error occurred in the memory manager. Error - 17.08.2010 10:37:54 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes of memory could not be allocated by the DNS proxy agent. Either there is not enough memory available or an internal error occurred in the memory manager. Error - 17.08.2010 16:44:39 | Computer Name = ******** | Source = HTTP | ID = 15016 Description = Error - 17.08.2010 16:45:05 | Computer Name = ******** | Source = Service Control Manager | ID = 7026 Description = Error - 17.08.2010 16:45:17 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes of memory could not be allocated by the DNS proxy agent. Either there is not enough memory available or an internal error occurred in the memory manager. Error - 18.08.2010 05:37:23 | Computer Name = ******** | Source = HTTP | ID = 15016 Description = Error - 18.08.2010 05:37:52 | Computer Name = ******** | Source = Service Control Manager | ID = 7026 Description = Error - 18.08.2010 05:38:01 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes of memory could not be allocated by the DNS proxy agent. Either there is not enough memory available or an internal error occurred in the memory manager. Error - 18.08.2010 05:43:03 | Computer Name = ******** | Source = Service Control Manager | ID = 7022 Description = < End of report > |
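The Extras log above prints two kinds of pipe-delimited records: firewall exceptions (`protocol=17 | dir=in | app=...`) and the last event-log errors (`Error - date | Computer Name = ... | Source = ... | ID = ... Description = ...`). The Python below is an added example by the editor, not part of this thread and not code from OTL. It parses both shapes into dicts, names the protocol numbers, counts repeated errors per source/ID so a recurring failure stands out, and flags inbound exceptions whose program lives under a user-writable staging directory (the `SUSPECT_DIRS` heuristic is the editor's assumption, not an OTL feature). The sample records are constructed to mirror the format above; the hostname, GUIDs and paths are made up.

```python
"""Parse two record types from an OTL "Extras" log dump.

Added example by the editor; not part of the forum thread and not code from
OTL. It handles the two pipe-delimited shapes seen in the log:

  "UDP Query User{GUID}path" = protocol=17 | dir=in | app=path |
  Error - dd.mm.yyyy hh:mm:ss | Computer Name = X | Source = Y | ID = N Description = text

The sample text below is constructed in that shape; hostname, GUIDs and paths
are invented, and SUSPECT_DIRS is the editor's own heuristic.
"""
import re
from collections import Counter

# IANA protocol numbers as they appear in Windows Firewall rule strings.
PROTO = {"6": "TCP", "17": "UDP"}

# Directories a legitimate installer rarely uses for a program that needs an
# inbound exception (assumption for this example, not an OTL rule).
SUSPECT_DIRS = ("\\temp\\", "\\appdata\\", "\\recycler\\")

RULE_RE = re.compile(r'"(?P<name>[^"]+)"\s*=\s*(?P<body>[^"]+)')
EVENT_RE = re.compile(
    r"Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| "
    r"ID = (?P<id>\d+)\s+Description =\s*(?P<desc>.*?)"
    r"(?=\s*Error - \d{2}\.|\s*\[ |\s*< End of report >|\Z)",
    re.S,
)

# Constructed sample in the firewall-exception shape (invented GUIDs/paths);
# the trailing uninstall-list entry shows that non-rule values are skipped.
FIREWALL_SAMPLE = (
    r'"UDP Query User{11111111-2222-3333-4444-555555555555}C:\program files\trillian\trillian.exe" = '
    r'protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | '
    r'"TCP Query User{66666666-7777-8888-9999-000000000000}C:\users\bob\appdata\local\temp\password.exe" = '
    r'protocol=6 | dir=in | app=c:\users\bob\appdata\local\temp\password.exe | '
    r'"{0678EDA2-0000-0000-0000-000000000000}" = Some Installed Program '
)

# Constructed sample in the event-log shape (invented hostname).
EVENT_SAMPLE = (
    "========== Last 10 Event Log Errors ========== [ System Events ] "
    "Error - 16.08.2010 08:39:18 | Computer Name = LAPTOP | Source = Service Control Manager "
    "| ID = 7026 Description = "
    "Error - 17.08.2010 04:52:15 | Computer Name = LAPTOP | Source = ipnathlp | ID = 31004 "
    "Description = 0 Bytes of memory could not be allocated by the DNS proxy agent. "
    "Error - 17.08.2010 10:37:54 | Computer Name = LAPTOP | Source = ipnathlp | ID = 31004 "
    "Description = 0 Bytes of memory could not be allocated by the DNS proxy agent. "
    "< End of report >"
)


def parse_firewall_rules(text):
    """Return one dict per firewall rule; entries without a dir= field (uninstall list) are skipped."""
    rules = []
    for m in RULE_RE.finditer(text):
        fields = {}
        for part in m.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.strip().lower()] = value.strip().lower()
        if "dir" not in fields:
            continue
        fields["name"] = m.group("name")
        fields["proto_name"] = PROTO.get(fields.get("protocol", ""), "other")
        rules.append(fields)
    return rules


def suspicious_inbound_rules(rules):
    """Names of inbound exceptions whose program sits in a user-writable staging directory."""
    return [
        r["name"]
        for r in rules
        if r["dir"] == "in" and any(d in r.get("app", "") for d in SUSPECT_DIRS)
    ]


def parse_events(text):
    """Return one dict per 'Error - ...' record, with the description trimmed."""
    return [
        {"ts": m["ts"], "host": m["host"], "source": m["source"],
         "id": m["id"], "desc": m["desc"].strip()}
        for m in EVENT_RE.finditer(text)
    ]


def summarize_events(events):
    """Count errors per (source, id) so a repeating failure stands out."""
    return Counter((e["source"], e["id"]) for e in events)


if __name__ == "__main__":
    rules = parse_firewall_rules(FIREWALL_SAMPLE)
    for r in rules:
        print(f'{r["proto_name"]:4} {r["dir"]:3} {r["app"]}')
    print("suspicious:", suspicious_inbound_rules(rules))
    for (src, eid), n in summarize_events(parse_events(EVENT_SAMPLE)).most_common():
        print(f"{n}x  {src} / {eid}")
```

Run it against a saved Extras log by reading the file into a string and passing it to both parsers; on the constructed sample it lists the two inbound exceptions, flags only the one under AppData\Local\Temp, and reports ipnathlp/31004 twice.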
18.08.2010, 15:50 | #4 |
| Avira findings =( HTML/Infected.WebPage.Gen2 and more =( OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.08.2010 16:40:01 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\*******\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 15,51 Gb Free Space | 31,75% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ******* Current User Name: ******* Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\Runservice.exe () PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\VimiMagic\vicamon.exe (Vimisoft Studio) PRC - C:\Users\*******\AppData\Local\Temp\Password.exe (Freecom) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\*******\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LicCtrlService) -- C:\Windows\Runservice.exe () SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) 
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (iaStor) -- C:\Windows\System32\DRIVERS\iaStor.sys File not found DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (AlfaFF) -- C:\Windows\system32\drivers\AlfaFF.sys (Alfa Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) 
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://gmx.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components 
[2010.07.29 00:03:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.29 00:03:23 | 000,000,000 | ---D | M] [2009.09.30 11:35:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions [2010.08.17 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions [2010.02.06 01:21:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010.07.10 19:56:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.10.01 16:58:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\vppl9zsr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.17 16:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.20 11:56:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.26 05:39:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.12 15:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.28 19:18:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.28 19:18:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.28 19:18:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.28 19:18:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.28 19:18:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) O4 - HKLM..\Run: [IMMON] C:\Program Files\VimiMagic\Vicamon.exe (Vimisoft Studio) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 80.69.100.206 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell - "" = AutoRun O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe O33 - MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\Shell - "" = AutoRun O33 - MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = H:\Password.exe -- File not found O33 - MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\Shell - "" = AutoRun O33 - MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe 
-- File not found O33 - MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe -- File not found O33 - MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe -- File not found O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.18 15:24:03 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\system reinigen [2010.08.18 15:15:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.08.17 22:14:08 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.17 22:14:07 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.17 21:58:58 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Malwarebytes [2010.08.17 21:58:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.17 21:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.17 21:58:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.17 21:58:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 19:01:41 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\MSN [2010.08.12 16:32:10 | 000,081,920 | ---- | C] (Radius Inc.) 
-- C:\Windows\System32\iccvid.dll [2010.08.12 16:32:03 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.12 16:32:03 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.12 16:32:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.08.12 16:32:03 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.12 16:32:03 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.08.12 16:32:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.12 16:32:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.12 16:32:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.12 16:32:02 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.12 16:32:02 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.12 16:31:49 | 003,600,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.12 16:31:49 | 003,548,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.12 16:31:46 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.12 16:31:43 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.12 15:32:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.08.12 15:32:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.08.12 15:32:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.08.12 15:32:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2010.08.11 13:49:04 | 000,000,000 | ---D | C] -- C:\Users\*******\DoctorWeb [2010.07.20 11:56:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2009.05.22 09:03:24 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.08.18 16:40:17 | 002,359,296 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT [2010.08.18 15:37:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 15:37:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.18 15:15:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\OTL.exe [2010.08.18 11:44:01 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.18 11:44:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.18 11:44:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.18 11:44:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.18 11:44:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.18 11:37:53 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.08.18 11:37:50 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.08.18 11:37:34 | 000,001,369 | -HS- | M] () -- C:\Windows\System32\mmf.sys [2010.08.18 11:37:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.18 11:37:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.18 02:58:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.18 02:58:15 | 000,524,288 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.08.18 02:58:15 | 000,065,536 | -HS- | M] () -- 
C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.08.18 02:58:03 | 003,663,399 | -H-- | M] () -- C:\Users\*******\AppData\Local\IconCache.db [2010.08.17 22:11:19 | 000,339,991 | ---- | M] () -- C:\Users\*******\Desktop\RSIT.exe [2010.08.17 21:51:28 | 000,005,304 | ---- | M] () -- C:\Users\*******\Documents\cc_20100817_215121.reg [2010.08.17 21:51:02 | 000,077,836 | ---- | M] () -- C:\Users\*******\Documents\cc_20100817_215042.reg [2010.08.17 21:43:15 | 000,000,808 | ---- | M] () -- C:\Users\*******\Desktop\CCleaner.lnk [2010.08.13 01:36:00 | 000,139,264 | ---- | M] () -- C:\Users\*******\Desktop\Time to go.xls [2010.08.12 23:33:38 | 000,293,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.20 23:24:24 | 000,360,033 | ---- | M] () -- C:\Users\*******\Desktop\boss approval 2.jpg [2010.07.20 23:22:59 | 000,362,717 | ---- | M] () -- C:\Users\*******\Desktop\boss approval 1.jpg [2010.07.19 21:47:53 | 000,001,748 | ---- | M] () -- C:\Users\*******\Desktop\Trillian.lnk ========== Files Created - No Company Name ========== [2010.08.17 22:11:18 | 000,339,991 | ---- | C] () -- C:\Users\*******\Desktop\RSIT.exe [2010.08.17 21:51:22 | 000,005,304 | ---- | C] () -- C:\Users\*******\Documents\cc_20100817_215121.reg [2010.08.17 21:50:49 | 000,077,836 | ---- | C] () -- C:\Users\*******\Documents\cc_20100817_215042.reg [2010.07.20 23:24:24 | 000,360,033 | ---- | C] () -- C:\Users\*******\Desktop\boss approval 2.jpg [2010.07.20 23:22:59 | 000,362,717 | ---- | C] () -- C:\Users\*******\Desktop\boss approval 1.jpg [2010.07.11 14:18:01 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log [2010.07.11 14:05:41 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.07.11 14:05:31 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.05.27 19:55:57 | 000,059,904 | ---- | C] () -- C:\Windows\System32\ZLIB1.DLL [2010.05.11 16:55:14 | 000,000,680 | ---- | C] () -- C:\Users\*******\AppData\Local\d3d9caps.dat [2010.04.30 02:29:28 
| 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.07 23:12:46 | 000,000,598 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.09 18:59:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.13 16:34:21 | 000,001,369 | -HS- | C] () -- C:\Windows\System32\mmf.sys [2010.01.07 21:24:36 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll [2009.10.27 22:52:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.26 11:04:41 | 000,026,624 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.11 21:32:56 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.10.02 21:29:56 | 000,000,029 | ---- | C] () -- C:\Windows\Battle.ini [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.29 16:47:06 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.29 16:42:17 | 000,007,074 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== LOP Check ========== [2009.11.03 23:46:29 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer [2009.05.22 01:49:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Acer GameZone Console [2010.04.30 02:29:46 | 000,000,000 | ---D | M] -- 
C:\Users\*******\AppData\Roaming\Canneverbe Limited [2009.10.11 21:38:20 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2009.09.29 19:20:02 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\eSobi [2010.01.09 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GetRightToGo [2010.08.18 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ [2010.01.04 19:14:14 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\IrfanView [2010.02.27 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\iWin [2010.04.04 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\MusicBrainz [2010.05.14 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\QuickStoresToolbar [2009.10.01 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\SoftDMA [2010.05.06 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\uTorrent [2010.06.25 01:05:20 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Vimisoft Studio [2010.06.23 00:06:59 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\XnView [2010.08.18 02:58:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 113 bytes -> 
C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F < End of report > -------------------------------------------------------------------------- OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.08.2010 16:40:01 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\********\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 15,51 Gb Free Space | 31,75% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ******** Current User Name: ******** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" 
= 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{093BD766-9ABE-48C9-8B2D-E5D83F710A53}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1A86D812-0D5B-4366-BAB9-2BA5E94B39F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1B75C6B0-F522-4FEA-B62F-7E4E3A39F897}" = rport=2869 | protocol=6 | dir=out | app=system | "{1F2B1B0C-E75D-4C54-9F37-D055D0D71709}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{633FF4D0-8A72-441D-8BEC-AE42BBE5E3D7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{73AE7F13-78D5-4E4F-95CE-826259076F66}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EFEA7BE-379E-45FE-8023-3D7B7F5E680B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9642A5E7-8D99-4FC1-9092-BA18A2D3C75F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B4C80E99-8EF8-497E-9A08-7C396C9FE375}" = lport=2869 | protocol=6 | dir=in | app=system | "{FE0B4D45-4C61-49D6-A593-23684E2C3AD0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BE3462F-0F00-4572-9568-9D73EA36FB9F}" = dir=in | app=c:\program 
files\windows live\sync\windowslivesync.exe | "{0D6A6283-27FC-44DB-845F-956552E21A13}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{14EE7DB1-6F08-4D4F-855D-7445CAE1245F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{203C29C6-E582-4796-8E69-6A027BB1B309}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{39108BDB-E88A-4329-B1F0-47ED66934B2E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3C901E7B-89CE-40A1-A695-B78A6C76C22A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{436BCAF5-42B4-4F60-A0E2-F93CAAF441E1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{4596D15B-02ED-4C1A-991C-AC49A7929459}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{4C3E6150-6D91-417B-B6A0-3435677B0326}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{4D741BEC-4A87-466B-8AD1-8633797BCE5E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{562718D0-702B-4284-B20B-188786E55B50}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{71DF64EF-1C2B-4433-BBD1-CF9DA57D0D57}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{75715970-0D00-4EC6-9359-7E2176380BD1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{77BB7A81-FE43-4BA4-8284-06B48EF03C0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{7B8A714C-CABF-4373-B6CE-CAE958CAD087}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7E7EB961-6638-444A-AF60-22DDEC0A5B67}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{9A451472-5B50-47DC-A5C7-FAFB8BBD5496}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{A4DED2DB-D8E1-4961-9CDE-7F0136997200}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5D47474-3664-4A73-A76B-AA20A359C1F8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{B58BEE7D-B5C4-4ECE-8D90-AA2D219CE1B7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B8138701-945B-45E0-8AF6-B906D69C2A90}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{C03C9B73-F562-4873-8DF1-80A89CE2EA2B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{C34796CB-D65F-4C5D-9BCD-8FE4C1C237B7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D5C04779-BE66-4A4A-9F6A-8912520A7799}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D9353327-2941-4EB5-B0AB-E3D86FF9C552}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{DE328C54-B259-4C11-B13B-39006283A51A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{EA71889C-9DDD-49C1-B196-6A9B1E936B70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EB2A20C1-792A-4BDB-B85E-4E27E1285955}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "TCP Query User{02D3EC64-4D09-4417-841F-0C9A844C16CA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{058A75EB-9E4A-4187-A420-B0A41BFC5833}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{2D7B845A-7880-43CE-9649-36B5EA853AE0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{484CCEEB-39BC-438B-9C6E-06FB5D2CF0DD}E:\program files\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=e:\program files\eidos\battlestations pacific\bsp.exe | "TCP Query User{5C3F4C3D-7B6F-4290-9CE1-376D758B0087}G:\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=g:\musicbrainz picard\picard.exe | "TCP Query User{77978591-0DB8-455F-9A09-8307A8FB3579}C:\program files\battlefront\theatre of 
war\tow.exe" = protocol=6 | dir=in | app=c:\program files\battlefront\theatre of war\tow.exe | "TCP Query User{8393AFA6-A287-4FD5-8008-5AC0D04D4C29}C:\program files\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=c:\program files\eidos\battlestations pacific\bsp.exe | "TCP Query User{B0A09E4F-6640-4DF8-9552-391EB3DD7E27}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | "TCP Query User{C9E353A0-C618-4012-863F-8842D552C89B}F:\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\skype\phone\skype.exe | "TCP Query User{E28E6847-ADE1-461D-AFB7-34923F054224}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{EE63DA2B-7F0B-495D-A159-161504DF755B}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{1139C839-06CA-43CC-89F3-1AEE13D7AB42}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{15135AB3-1203-4E3C-81EE-8536E828A7AC}F:\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\skype\phone\skype.exe | "UDP Query User{2C4D7468-D9A3-4AEF-AFA8-90835A1F6CB8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{4D9C3473-211B-4845-89C3-21B581B881E0}G:\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=g:\musicbrainz picard\picard.exe | "UDP Query User{5DAAC34F-5177-45B1-B193-85C913C08B2A}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | "UDP Query User{7428F3DD-B5D7-49BB-BB83-713B83BB31B6}C:\program files\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=c:\program files\eidos\battlestations pacific\bsp.exe | "UDP Query 
User{918FCB43-D0BD-428D-B372-448A07E67F09}E:\program files\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=e:\program files\eidos\battlestations pacific\bsp.exe | "UDP Query User{BDA62ED6-7D80-469D-BF8F-A24A98B97883}C:\program files\battlefront\theatre of war\tow.exe" = protocol=17 | dir=in | app=c:\program files\battlefront\theatre of war\tow.exe | "UDP Query User{CC604AD7-9085-4758-B89C-F3FD8901DFAF}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | "UDP Query User{EB82E8D3-CDC8-4EF8-88FC-36769E1A3077}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{F09D8FD6-4A00-4BC6-866C-B4B7F9C5BBA2}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0678EDA2-DA4D-453D-8EAE-F794797A7C1C}" = videopower "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{2969CB97-DF91-4752-BE47-8A73AE810E6C}" = VimiMagic "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31187E06-E131-4709-9285-7D105D77AA89}" = Components Setup "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager 
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{940CD260-FF12-435B-9B05-D43DC9AEBBC8}" = SpeedRename "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A20B067C-8A58-44BF-9FC7-11E92D916AD2}" = Nuvoton CIR Device Drivers 
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BDDEE95D-0671-4A38-AAF3-2A7D5801B323}" = Components Setup "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8 "{F04CAFE3-D52F-4EFC-A1E8-316BD4C525D6}" = NTI Shadow "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AmoKExifSorter2" = AmoK Exif Sorter 2.5.6 (nur deinstallieren) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "GridVista" = Acer GridVista "InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection "IrfanView" = IrfanView (remove only) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = 
Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MusicBrainz Picard" = MusicBrainz Picard "NVIDIA Drivers" = NVIDIA Drivers "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0 "Trillian" = Trillian "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "XnView_is1" = XnView 1.97.6 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.07.2010 16:05:56 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 27.07.2010 16:07:08 | Computer Name = ******** | Source = WinMgmt | ID = 10 Description = Error - 27.07.2010 16:11:12 | Computer Name = ******** | Source = SPP | ID = 16387 Description = Error - 27.07.2010 16:11:12 | Computer Name = ******** | Source = System Restore | ID = 8193 Description = Error - 28.07.2010 18:03:04 | Computer Name = ******** | Source = WinMgmt | ID = 10 Description = Error - 28.07.2010 18:03:06 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 28.07.2010 18:03:06 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 14:45:22 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 14:45:22 | Computer Name = ******** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 29.07.2010 14:45:24 | Computer Name = ******** | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 16.08.2010 08:39:18 | Computer Name = ******** | Source = Service Control Manager | ID = 7026 Description = Error - 17.08.2010 04:52:15 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes 
Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 17.08.2010 10:37:54 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 17.08.2010 16:44:39 | Computer Name = ******** | Source = HTTP | ID = 15016 Description = Error - 17.08.2010 16:45:05 | Computer Name = ******** | Source = Service Control Manager | ID = 7026 Description = Error - 17.08.2010 16:45:17 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 18.08.2010 05:37:23 | Computer Name = ******** | Source = HTTP | ID = 15016 Description = Error - 18.08.2010 05:37:52 | Computer Name = ******** | Source = Service Control Manager | ID = 7026 Description = Error - 18.08.2010 05:38:01 | Computer Name = ******** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 18.08.2010 05:43:03 | Computer Name = ******** | Source = Service Control Manager | ID = 7022 Description = < End of report > |
18.08.2010, 18:31 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
SRV - (LicCtrlService) -- C:\Windows\Runservice.exe ()
PRC - C:\Windows\Runservice.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell - "" = AutoRun
O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe
O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe
O33 - MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\Shell - "" = AutoRun
O33 - MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = H:\Password.exe -- File not found
O33 - MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\Shell - "" = AutoRun
O33 - MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe -- File not found
O33 - MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags
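One way to triage the O33 (MountPoints2) and alternate-data-stream lines of an OTL listing like the fix script above, as an added example written for this thread (it is neither OTL's code nor the helper's): it parses lines in the shape OTL prints them and attaches a reason to every entry that deserves review. The sample input is constructed from the entries in the fix script; the SID check is a heuristic of mine, based on the fact that account SIDs issued by the NT authority start with S-1-5-21.

```python
"""Triage of OTL 'O33 - MountPoints2' and '@Alternate Data Stream' lines."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in OTL's line format; the volume GUIDs and paths are the
# ones from the fix script in this thread.
SAMPLE_OTL = r"""
O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell - "" = AutoRun
O33 - MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe
O33 - MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\Shell\open\command - "" = RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:CDFF58FE
"""

# "O33 - MountPoints2\<volume>\Shell\<verb>\command - "" = <cmd>[ -- File not found]"
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.*?)(?: -- (?P<status>File not found))?$'
)
ADS = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
DRIVE_ABS = re.compile(r'^[A-Za-z]:\\')
# Heuristic: a RECYCLER sub-folder named like a SID whose identifier authority
# is not the NT authority (S-1-5-21-...) did not come from Windows itself.
RECYCLER_SID = re.compile(r'(?:^|\\)RECYCLER\\(?P<sid>S-1-\d+(?:-\d+)+)\\', re.I)
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "winlogon.exe", "csrss.exe", "lsass.exe"}


@dataclass
class MountPointCmd:
    volume: str
    verb: str            # AutoRun (runs on insertion) or open (runs on double-click)
    command: str
    missing: bool        # OTL appended "-- File not found"
    reasons: List[str] = field(default_factory=list)


@dataclass
class AdsEntry:
    size: int
    path: str


def parse_otl(text: str) -> Tuple[List[MountPointCmd], List[AdsEntry]]:
    cmds, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O33_CMD.match(line)
        if m:
            cmds.append(MountPointCmd(m["volume"], m["verb"], m["cmd"], m["status"] is not None))
            continue
        m = ADS.match(line)
        if m:
            streams.append(AdsEntry(int(m["size"]), m["path"]))
    return cmds, streams


def triage(cmds: List[MountPointCmd]) -> List[MountPointCmd]:
    """Return the entries that should be reviewed or removed, with reasons attached."""
    for c in cmds:
        if c.missing:
            c.reasons.append("file_not_found")              # stale entry from a removed drive
        if not DRIVE_ABS.match(c.command):
            c.reasons.append("relative_path")               # resolves on the mounted volume itself
        m = RECYCLER_SID.search(c.command)
        if m:
            c.reasons.append("recycler_exe")                # executables do not belong in RECYCLER
            if not m["sid"].upper().startswith("S-1-5-21-"):
                c.reasons.append("nonstandard_sid")
        name = c.command.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_BINARIES and "\\windows\\" not in c.command.lower():
            c.reasons.append("system_name_outside_windows")
        if c.verb.lower() == "open" and c.reasons:
            c.reasons.append("hijacks_double_click")        # fires even with autorun disabled
    return [c for c in cmds if c.reasons]


def summarize(text: str) -> dict:
    cmds, streams = parse_otl(text)
    flagged = triage(cmds)
    return {
        "commands": len(cmds),
        "flagged": len(flagged),
        "streams": len(streams),
        "stream_bytes": sum(s.size for s in streams),
        "reasons": {f"{c.volume}|{c.verb}": c.reasons for c in flagged},
    }


if __name__ == "__main__":
    for key, reasons in summarize(SAMPLE_OTL)["reasons"].items():
        print(f"{key}: {', '.join(reasons)}")
```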
18.08.2010, 22:32 | #6 |
On restart the machine acted up, which it unfortunately does fairly often: it hangs at the Windows progress bar and you can watch the bar forever. I fixed that as usual by holding down the power button and restarting. Windows then complains that it did not start properly, but if you choose "Start Windows normally" it boots correctly and everything runs. This time, right after booting and logging in to Windows, the laptop opened the log file and showed the following:
All processes killed
========== OTL ==========
Service LicCtrlService stopped successfully!
Service LicCtrlService deleted successfully!
C:\Windows\Runservice.exe moved successfully.
No active process named Runservice.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bdd7129-891c-11df-9644-f731de68d212}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bdd7129-891c-11df-9644-f731de68d212}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bdd7129-891c-11df-9644-f731de68d212}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\ not found.
File C:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a303c2dd-20a1-11df-a82e-00269e07cf9b}\ not found.
File C:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a303c2f8-20a1-11df-a82e-00269e07cf9b}\ not found.
File H:\Password.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8a48572-4f11-11df-ae43-00269e07cf9b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8a48572-4f11-11df-ae43-00269e07cf9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8a48572-4f11-11df-ae43-00269e07cf9b}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f703131a-ce29-11de-9639-00269e07cf9b}\ not found.
File F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f703131a-ce29-11de-9639-00269e07cf9b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f703131a-ce29-11de-9639-00269e07cf9b}\ not found.
File F:\RECYCLER\S-1-6-21-2534576401-1844291947-600103340-1263\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe not found.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:35759C73 deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: ***********
->Temp folder emptied: 293957 bytes
->Temporary Internet Files folder emptied: 5966546 bytes
->Java cache emptied: 27046480 bytes
->FireFox cache emptied: 86041782 bytes
->Flash cache emptied: 4471 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1880 bytes
RecycleBin emptied: 1338382 bytes
Total Files Cleaned = 115,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08182010_232159
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
19.08.2010, 10:09 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run CF: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags
19.08.2010, 17:05 | #8 |
After the restart triggered by CCleaner I had to restart once more (the log file was already being displayed), because afterwards I could not open the Security Center at all and could not start Firefox either; every time I was told that the program in question wanted to access a registry key that was marked for deletion in the registry.... Anyway, after the restart the problem did not show up again, and the log file is the following. ComboFix log file: Code:
ComboFix 10-08-18.03 - ******* 19.08.2010 17:15:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3036.2217 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2010-07-19 bis 2010-08-19 ))))))))))))))))))))))))))))))
.
2010-08-19 15:25 . 2010-08-19 15:32 -------- d-----w- c:\users\*******\AppData\Local\temp
2010-08-19 15:25 . 2010-08-19 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-18 21:21 . 2010-08-18 21:21 -------- d-----w- C:\_OTL
2010-08-17 20:14 . 2010-08-17 20:14 -------- d-----w- c:\program files\trend micro
2010-08-17 20:14 . 2010-08-17 20:14 -------- d-----w- C:\rsit
2010-08-17 19:58 . 2010-08-17 19:58 -------- d-----w- c:\users\*******\AppData\Roaming\Malwarebytes
2010-08-17 19:58 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:58 . 2010-08-17 19:58 -------- d-----w- c:\programdata\Malwarebytes
2010-08-17 19:58 . 2010-08-17 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:58 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-12 14:31 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 14:31 . 2010-06-08 16:47 3600784 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 14:31 . 2010-06-08 16:47 3548552 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 14:31 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 14:31 . 2010-06-21 13:25 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 14:31 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 14:31 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 14:31 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 14:31 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 13:32 . 2010-08-12 13:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-11 11:49 . 2010-08-11 11:49 -------- d-----w- c:\users\*******\DoctorWeb
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 15:32 . 2010-07-11 12:05 31776 ----a-w- c:\programdata\nvModes.dat
2010-08-19 15:25 . 2009-10-02 12:32 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-19 15:20 . 2008-01-21 07:15 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-08-19 15:20 . 2008-01-21 07:15 126454 ----a-w- c:\windows\system32\perfc007.dat
2010-08-19 14:56 . 2009-10-07 21:24 -------- d-----w- c:\users\*******\AppData\Roaming\ICQ
2010-08-18 21:10 . 2010-01-13 14:34 1369 --sha-w- c:\windows\system32\mmf.sys
2010-08-17 22:44 . 2010-06-17 16:18 -------- d-----w- c:\program files\ICQ7.2
2010-08-17 19:43 . 2009-11-06 09:07 -------- d-----w- c:\program files\CCleaner
2010-08-16 17:44 . 2009-10-27 20:51 -------- d-----w- c:\users\*******\AppData\Roaming\Skype
2010-08-16 17:09 . 2009-10-27 20:52 -------- d-----w- c:\users\*******\AppData\Roaming\skypePM
2010-08-12 17:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-12 13:32 . 2010-04-26 03:39 -------- d-----w- c:\program files\Java
2010-08-05 16:55 . 2010-02-09 19:33 -------- d-----w- c:\users\*******\AppData\Roaming\vlc
2010-07-20 09:56 . 2010-07-20 09:56 -------- d-----w- c:\program files\Common Files\Skype
2010-07-18 22:30 . 2009-11-06 09:52 -------- d-----w- c:\users\*******\AppData\Roaming\dvdcss
2010-07-17 03:00 . 2010-04-26 03:39 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 15:28 . 2010-04-30 00:29 -------- d-----w- c:\program files\CDBurnerXP
2010-07-11 22:03 . 2009-07-29 14:23 -------- d-----w- c:\programdata\NVIDIA
2010-07-11 12:25 . 2009-05-22 00:29 -------- d-----w- c:\program files\Acer
2010-07-11 12:25 . 2009-05-21 23:17 -------- d-----w- c:\program files\Intel
2010-07-11 12:22 . 2009-05-21 23:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-11 12:21 . 2009-05-22 00:25 -------- d-----w- c:\program files\eSobi
2010-07-11 12:21 . 2009-05-22 00:16 -------- d-----w- c:\program files\NewTech Infosystems
2010-07-11 12:18 . 2009-07-29 14:42 -------- d-----w- c:\programdata\CyberLink
2010-07-11 12:17 . 2009-07-29 14:42 36864 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2010-07-11 12:14 . 2009-05-21 23:53 -------- d-----w- c:\program files\Windows Live
2010-07-11 12:13 . 2009-09-29 13:48 69448 ----a-w- c:\users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-11 12:13 . 2009-05-21 23:43 -------- d-----w- c:\program files\Microsoft Works
2010-07-02 16:18 . 2010-07-01 22:15 -------- d-----w- c:\program files\Medieval II Total War
2010-06-30 20:04 . 2010-06-30 20:04 -------- d-----w- c:\program files\SpeedRename
2010-06-28 16:17 . 2010-08-12 14:32 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 14:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 23:08 . 2010-06-24 23:08 -------- d-----w- c:\program files\iCam
2010-06-24 23:08 . 2009-05-22 00:30 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-24 23:05 . 2010-06-24 23:05 -------- d-----w- c:\users\*******\AppData\Roaming\Vimisoft Studio
2010-06-24 23:05 . 2010-06-24 23:04 -------- d-----w- c:\program files\VimiMagic
2010-06-24 23:05 . 2010-06-24 23:04 -------- d-----w- c:\program files\Common Files\Vimisoft Studio
2010-06-24 23:04 . 2010-06-24 23:04 -------- d-----w- c:\program files\Vimicro Corporation
2010-06-22 23:05 . 2010-06-22 23:05 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 22:06 . 2010-06-22 22:06 -------- d-----w- c:\users\*******\AppData\Roaming\XnView
2010-05-27 19:16 . 2010-08-12 14:32 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-27 17:55 . 2010-05-27 17:55 59904 ----a-w- c:\windows\system32\ZLIB1.DLL
2010-05-26 16:16 . 2010-06-10 11:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 11:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-25 13:00 . 2010-05-11 14:55 680 ----a-w- c:\users\*******\AppData\Local\d3d9caps.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-03-26 18:38 39208 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-12-02 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-03-26 345384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-22 7420448]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-03-25 3560448]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-07-29 200704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-22 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMMON"="c:\program files\VimiMagic\Vicamon.exe" [2008-12-25 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-23 13793824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-09-16 13:11 568072 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,51,cf,b6,4a,7c,ca,01
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-20 29472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-07 691696]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-11-11 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-11-11 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-11-11 59952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-03-25 3444224]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-03-26 305448]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-07 50176]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-03-23 4232704]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-07-02 64032]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5739g
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\vppl9zsr.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://gmx.de/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-MusicBrainz Picard - g:\musicbrainz picard\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-19 17:32
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
[0] 0x40000000
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(3520)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-19 17:38:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-08-19 15:38
Vor Suchlauf: 12 Verzeichnis(se), 16.581.038.080 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 16.311.549.952 Bytes frei
- - End Of File - - CC5FFFD4EA2D8CD84F5A05F6EA85AE51
19.08.2010, 17:37 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just skip it and run only OSAM. Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags
20.08.2010, 11:58 | #10 |
GMER log file: Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-20 12:56:41
Windows 6.0.6001 Service Pack 1
Running: esfm9080.exe; Driver: C:\Users\*********\AppData\Local\Temp\kgtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT 81FBA9CF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 854 826D70A8 4 Bytes [CF, A9, FB, 81]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[3304] SHELL32.dll!InitNetworkAddressControl + 2939 768A0064 4 Bytes [B0, 22, 00, 10] {MOV AL, 0x22; ADD [EAX], DL}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002480] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001DA0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [100027D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
IAT C:\Windows\Explorer.EXE[3304] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/EgisTec Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556fb66d7
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0xA8 0x46 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0xAC 0x3A 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0xC4 0x37 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556fb66d7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0F 0xA8 0x46 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0xAC 0x3A 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDF 0xC4 0x37 0xA9 ...
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0174C.log 0 bytes
---- EOF - GMER 1.0.15 ----
20.08.2010, 12:22 | #11 |
OSAM log file: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:20:27 on 20.08.2010
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AlfaFF" (AlfaFF) - "Alfa Corporation" - C:\Windows\System32\drivers\AlfaFF.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys (File found, but it contains no detailed information)
"Intel AHCI Controller" (iaStor) - ? - C:\Windows\System32\DRIVERS\iaStor.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"McAfee Inc. mfeavfk" (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc. mfebopk" (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc. mfehidk" (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys
"McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\Drivers\NTIDrvr.sys
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{EB47FF00-225E-11D2-9E1D-00A0C9AB0EEE} "eLicense Control" - ? - C:\Windows\lcmmfu.cpl
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{8F9D8FBE-C5C1-4B65-986E-51235C9283E8} "FPLaunchCache" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\FPLaunchCache.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ?
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2F603045-309F-11CF-9774-0020AFD0CFF6} "Synaptics Control Panel" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) Shadow restore extension "{641D52A5-F996-4901" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe "Quick-Launch Area" - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\PwdBank.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Orion.lnk" - ? - C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk (Shortcut exists | File not found) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists) "Password.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Password.lnk (Shortcut exists | File not found) "Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "EgisTecLiveUpdate" - "EgisTec Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe" "IMMON" - "Vimisoft Studio" - "C:\Program Files\VimiMagic\Vicamon.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LManager" - "Dritek System Inc." 
- C:\Program Files\Launch Manager\LManager.exe "mwlDaemon" - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup "PLFSetI" - ? - C:\Windows\PLFSetI.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "VitaKeyPdtWzd" - "Egis Technology Inc." - "C:\Program Files\Acer Bio Protection\PdtWzd.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "EgisTec Service" (IGBASVC) - "Egis Technology Inc." - C:\Program Files\Acer Bio Protection\BASVC.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "MyWinLocker Service" (MWLService) - "EgisTec Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe "NMSAccess" (NMSAccess) - ? 
- C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "spba" - "UPEK Inc." - C:\Program Files\Common Files\SPBA\homefus2.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
21.08.2010, 10:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What about the BootkitRemover?
__________________ Please always post logfiles in CODE tags |
21.08.2010, 10:39 | #13 |
| Hmm, I think we just misunderstood each other... I followed the OSAM instructions, and they say: "Disabling entries: once a helper has named the relevant entries, proceed as follows to disable them." So I thought further instructions from you would come first?! |
22.08.2010, 18:13 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | For now there is nothing to disable. I need the OSAM log more or less only as a check to find rootkits, and those are evidently not on your PC. But since the MBR still has to be checked, I need the log or a screenshot from the BootkitRemover.
__________________ Please always post logfiles in CODE tags |
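The OSAM log posted earlier in this thread is read for exactly the things the helper mentions: entries OSAM could not verify and autorun entries whose file no longer exists. As an added example (not part of the thread and not OSAM's own code), the following Python parser reads that log format and sorts entries into "orphan" (file not found), "review" (file present but no publisher information) and "ok"; the sample lines are copied from the log above, and the triage rule is an assumption of this example, not an OSAM feature.

```python
import re
# Constructed sample in the OSAM log format posted in this thread: sections in
# [brackets], registry hives as -----( ... )-----, one autorun entry per line.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
"""

# optional {CLSID}, quoted name, optional (service key), publisher as "..." or ?, then the rest
ENTRY_RE = re.compile(r'^(?:\{[0-9A-Fa-f-]+\}\s+)?"(?P<name>.*?)"(?:\s+\((?P<key>[^)]*)\))?'
                      r'\s+-\s+(?:"(?P<pub>[^"]*)"|\?)\s+-\s+(?P<rest>.*)$')
# OSAM appends its file check as a trailing parenthesised status after the path
STATUS_RE = re.compile(r'^(?P<path>.*?)\s*\((?P<status>[^()]*(?:found|exists|information)[^()]*)\)$')

def classify(publisher, status):
    # Triage rule (an assumption of this example, not an OSAM feature)
    if "not found" in status:
        return "orphan"   # nothing runs from this entry any more; cleanup only
    if publisher == "?":
        return "review"   # binary exists but OSAM found no signer/version data: verify hash and origin
    return "ok"

def parse_osam(text):
    # One dict per entry, tagged with the [section] it appeared under; hive headers are skipped.
    section, entries = "", []
    for line in (raw.strip() for raw in text.splitlines() if raw.strip()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif (m := ENTRY_RE.match(line)):
            pub = m.group("pub") if m.group("pub") is not None else "?"
            s = STATUS_RE.match(m.group("rest"))
            path, status = (s.group("path"), s.group("status")) if s else (m.group("rest"), "")
            entries.append({"section": section, "name": m.group("name"), "publisher": pub,
                            "path": path, "status": status, "verdict": classify(pub, status)})
    return entries

def triage(text):
    # Names of entries that are not plain "ok", grouped by verdict: what a helper would ask about
    out = {}
    for e in parse_osam(text):
        if e["verdict"] != "ok":
            out.setdefault(e["verdict"], []).append(e["name"])
    return out
```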
22.08.2010, 19:28 | #15 |
| ARGH, call me a blockhead. I forgot to mention one piece of information that is surely not unimportant: I once wanted to switch completely to Linux. Unfortunately that has not got very far yet, but SUSE is installed as well, and on startup a SUSE selection screen always comes up first, from which I can then choose Windows Vista and boot it. Mea culpa and ashes on my head; I boot Vista almost automatically, which is probably why I forgot. I hope I have not torpedoed all your efforts to help me with this?! |