Backdoorprogramm auf Laptop

Kékfrankos · 07.09.2010, 07:36

Hallo,

ich habe folgendes Problem. Beim öffnen der meisten Ordner, Seiten im Internet etc. öffnet sich ein kleiner Hinweis ( siehe Bild unten ). Nun meine Frage. Wie bekomme ich das wieder weg? Ein Antimalewareprogramm fand nichts, genauso wie Antivira. Greift das Backdoorprogramm schon auf meinen Laptop zu? Systemwiederherstellung schlug fehl. Was kann ich noch machen? Bitte um eure Hilfe. Vielen Dank im voraus. Falls ich im falschen Unterforum bin, sorry dafür.

Chris4You · 07.09.2010, 08:12

Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

Kékfrankos · 07.09.2010, 09:34

Hallo,

vielen Dank für die schnelle Antwort. Den Laptop hats gerade heruntergefahren. Deswegen darf ich jetzt nochmal alles wiederholen (schlechtes Zeichen??). OTL hab ich aber schon fertig bekommen.

OTL-Editor

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.09.2010 09:49:58 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 8,27 Gb Free Space | 5,74% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,02 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MELANIE-PC
Current User Name: Melanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.07 09:44:40 | 000,293,376 | ---- | M] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
PRC - [2010.09.07 08:52:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
PRC - [2010.08.30 08:25:04 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.06.26 08:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.06.16 09:17:52 | 000,753,664 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.06.07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.15 08:03:03 | 000,208,896 | ---- | M] (JMMG Communications, Jochen Moschko) -- C:\Programme\BackProtection 8\bp.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.10.27 10:13:44 | 000,090,112 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclIrSrv.exe
PRC - [2009.08.05 20:46:59 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.10 20:11:46 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.06.01 23:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.26 22:23:34 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.04 16:32:23 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.10.04 16:32:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Melanie\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.25 05:40:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.07.17 01:31:32 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.05.22 15:05:06 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 17:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.05.08 02:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.04.10 16:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.04.10 16:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.04.06 22:42:36 | 000,034,040 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.04.06 22:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.04.04 03:03:14 | 000,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.03.05 11:56:30 | 001,216,512 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe
PRC - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.03.27 12:00:32 | 000,196,608 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Acer VCM\acp2HID.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.07 08:52:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
MOD - [2009.04.26 22:22:52 | 000,023,864 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.04.30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006.07.11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\SweetIM\Messenger\msvcr71.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.05 20:46:59 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 20:11:46 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.06.01 23:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.10.04 16:32:16 | 000,024,064 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100)
SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.06 22:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.04 03:03:14 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009.12.21 12:24:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.03 16:13:34 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.06.10 20:11:46 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.07 18:23:00 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.04.27 21:59:29 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.11 20:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.14 17:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008.05.14 17:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008.05.14 17:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008.05.08 05:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.18 15:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.11 21:02:32 | 000,061,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.22 21:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.01.31 03:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.31 03:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.01.21 04:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.12.06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.27 00:41:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006.11.10 19:23:50 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Emdm.sys -- (SE2Emdm)
DRV - [2006.11.10 19:23:48 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Emdfl.sys -- (SE2Emdfl)
DRV - [2006.11.10 19:23:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Ebus.sys -- (SE2Ebus) Sony Ericsson Device 046 Driver driver (WDM)
DRV - [2006.11.03 07:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 20 68 53 4C 41 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2391419"
FF - prefs.js..network.proxy.type: 0
 
 
[2010.08.03 14:40:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions
[2010.08.03 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions
[2010.08.03 14:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.03 14:42:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\uoiz31cn.default\extensions\staged-xpis
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (TranslatorBar 1.2 Toolbar) - {548f6736-8fe4-4680-82f2-170d6c07e1d2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1.2 Toolbar) - {548F6736-8FE4-4680-82F2-170D6C07E1D2} - C:\Programme\TranslatorBar_1.2\tbTran.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackProtection Hintergrunddienst.lnk = C:\Programme\BackProtection 8\bp.exe (JMMG Communications, Jochen Moschko)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224782147 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Melanie\Pictures\02.06.09 schatz und ich\002.JPG
O24 - Desktop BackupWallPaper: C:\Users\Melanie\Pictures\02.06.09 schatz und ich\002.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: NAPSywiz - (C:\Windows\system32\krnlnify.dll) - C:\Windows\System32\krnlnify.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.07 08:52:46 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2010.09.07 08:39:46 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.09.06 21:19:06 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Malwarebytes
[2010.09.06 21:18:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.06 21:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.06 21:18:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.06 21:18:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.06 20:53:33 | 000,000,000 | ---D | C] -- C:\EGIS_Drive
[2010.09.06 20:44:23 | 000,000,000 | --SD | C] -- C:\Users\Melanie\BackProtection
[2010.09.06 20:43:38 | 000,000,000 | ---D | C] -- C:\Programme\BackProtection 8
[2010.09.06 19:25:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PCSuite
[2010.09.06 19:25:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2010.09.06 19:21:39 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.09.06 19:18:53 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.09.05 11:04:22 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\Motive
[2010.08.27 20:28:27 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\obb_bmpz
[2010.08.24 14:49:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.22 18:13:52 | 000,000,000 | ---D | C] -- C:\gamigo
[2010.08.22 17:50:17 | 657,758,657 | ---- | C] (gamigo.de                                                   ) -- C:\Users\Melanie\Desktop\SBO_Setup_v2.51_25022010.exe
[2010.08.22 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\PMB Files
[2010.08.22 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.08.22 17:49:55 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2010.08.12 20:27:37 | 000,000,000 | ---D | C] -- C:\Need4Video files
[2010.08.12 20:24:24 | 000,000,000 | ---D | C] -- C:\Programme\Need4 Software Launcher
[2010.08.12 20:24:14 | 000,000,000 | ---D | C] -- C:\Programme\Need4 Video Converter 7
[2010.08.11 10:28:05 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Tracing
[2010.08.11 10:25:17 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.08.11 10:21:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.08.11 10:20:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.08.11 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.08.11 10:19:43 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.08.11 10:19:17 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.08.11 10:09:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.08.03 14:40:13 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\Mozilla
[2010.07.28 10:29:08 | 000,000,000 | ---D | C] -- C:\Programme\TranslatorBar_1.2
[2010.07.26 05:48:22 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.07.25 22:01:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.07.19 20:32:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.25 09:01:33 | 000,000,000 | ---D | C] -- C:\Programme\MW
[2010.06.25 07:21:19 | 000,000,000 | ---D | C] -- C:\gmax
[2010.06.25 07:20:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010.06.21 11:53:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Desktop\Bewerbung Melanie
[2010.06.10 16:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Gmax
[2010.04.07 10:37:01 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeEEF3.dll
[2008.09.10 18:54:41 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.07 09:54:04 | 003,932,160 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat
[2010.09.07 09:44:40 | 000,293,376 | ---- | M] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
[2010.09.07 09:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.07 09:04:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 09:04:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 08:52:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2010.09.07 08:40:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.09.07 07:10:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.07 06:04:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.09.06 21:18:55 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 21:09:26 | 000,002,299 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\acervcmtmp.ini
[2010.09.06 21:05:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.09.06 21:04:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.06 21:04:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 21:04:47 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.06 20:59:39 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TMContainer00000000000000000001.regtrans-ms
[2010.09.06 20:59:39 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\ntuser.dat{86966b68-6af0-11df-adb2-001d72c6155e}.TM.blf
[2010.09.06 20:59:37 | 002,033,277 | -H-- | M] () -- C:\Users\Melanie\AppData\Local\IconCache.db
[2010.09.06 20:43:59 | 000,000,864 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackProtection Hintergrunddienst.lnk
[2010.09.06 19:25:41 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.09.06 19:04:34 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.06 19:04:34 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.06 19:04:34 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.06 19:04:34 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.06 19:04:34 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 21:38:53 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\FileOut.cns
[2010.08.31 21:38:53 | 000,000,000 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\FileIn.cns
[2010.08.28 17:54:33 | 000,001,979 | ---- | M] () -- C:\Users\Melanie\Desktop\Windows Live Messenger .lnk
[2010.08.28 00:46:00 | 000,328,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.27 21:26:52 | 000,087,144 | ---- | M] () -- C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.27 11:21:54 | 000,083,968 | ---- | M] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.23 19:28:07 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.23 08:12:37 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.22 18:17:53 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\SnowBound Online.lnk
[2010.08.22 18:13:01 | 657,758,657 | ---- | M] (gamigo.de                                                   ) -- C:\Users\Melanie\Desktop\SBO_Setup_v2.51_25022010.exe
[2010.08.22 17:49:01 | 001,683,128 | ---- | M] () -- C:\Users\Melanie\Desktop\SnowboundDownloader_DE_v2.51_25022010.exe
[2010.08.22 15:32:19 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.08.13 10:28:56 | 000,550,400 | ---- | M] () -- C:\Users\Melanie\Desktop\Tanja.MSWMM
[2010.08.12 20:25:26 | 000,005,056 | ---- | M] () -- C:\ProgramData\drctchbl.xvi
[2010.08.12 20:24:58 | 000,004,110 | ---- | M] () -- C:\ProgramData\xqkcebzs.dik
[2010.08.12 20:24:28 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\Need4 Software Launcher.lnk
[2010.08.12 20:23:13 | 044,272,661 | ---- | M] () -- C:\Users\Melanie\Desktop\videoconvertersetup.exe
[2010.08.03 14:40:15 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.07.28 10:13:59 | 003,229,546 | ---- | M] () -- C:\Users\Melanie\Desktop\YouTubeDownloaderSetup_256.exe
[2010.07.25 22:02:14 | 000,001,036 | ---- | M] () -- C:\Users\Melanie\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.22 16:33:06 | 000,005,972 | ---- | M] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2010.06.30 12:11:54 | 000,000,158 | ---- | M] () -- C:\Windows\TSDataEx.ini
[2010.06.30 12:11:54 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010.06.30 12:11:54 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010.06.25 09:04:30 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\TGATool2A.lnk
[2010.06.25 09:04:09 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AceIt.lnk
[2010.06.25 09:00:40 | 000,001,716 | ---- | M] () -- C:\Users\Melanie\Desktop\Route_Riter.lnk
[2010.06.25 08:23:42 | 000,000,126 | ---- | M] () -- C:\MkrMaker.ini
[2010.06.10 15:37:17 | 019,683,840 | ---- | M] () -- C:\Users\Melanie\Desktop\gmax12.exe
 
========== Files Created - No Company Name ==========
 
[2010.09.07 09:44:36 | 000,293,376 | ---- | C] () -- C:\Users\Melanie\Desktop\qeze52ry.exe
[2010.09.07 08:39:57 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010.09.06 21:18:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 20:43:59 | 000,000,864 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BackProtection Hintergrunddienst.lnk
[2010.09.06 19:25:41 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.08.28 17:54:33 | 000,001,979 | ---- | C] () -- C:\Users\Melanie\Desktop\Windows Live Messenger .lnk
[2010.08.28 00:47:58 | 000,002,299 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\acervcmtmp.ini
[2010.08.22 18:17:53 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\SnowBound Online.lnk
[2010.08.22 17:48:55 | 001,683,128 | ---- | C] () -- C:\Users\Melanie\Desktop\SnowboundDownloader_DE_v2.51_25022010.exe
[2010.08.12 20:25:26 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010.08.12 20:24:58 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.08.12 20:24:28 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\Need4 Software Launcher.lnk
[2010.08.12 20:22:59 | 044,272,661 | ---- | C] () -- C:\Users\Melanie\Desktop\videoconvertersetup.exe
[2010.08.12 20:07:54 | 000,550,400 | ---- | C] () -- C:\Users\Melanie\Desktop\Tanja.MSWMM
[2010.08.03 14:40:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.28 10:13:53 | 003,229,546 | ---- | C] () -- C:\Users\Melanie\Desktop\YouTubeDownloaderSetup_256.exe
[2010.06.25 09:01:34 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\TGATool2A.lnk
[2010.06.25 08:55:14 | 000,001,716 | ---- | C] () -- C:\Users\Melanie\Desktop\Route_Riter.lnk
[2010.06.17 17:48:06 | 000,000,126 | ---- | C] () -- C:\MkrMaker.ini
[2010.06.14 18:39:54 | 000,000,000 | ---- | C] () -- C:\FileOut.Cns
[2010.06.14 18:39:54 | 000,000,000 | ---- | C] () -- C:\FileIn.Cns
[2010.06.10 15:36:48 | 019,683,840 | ---- | C] () -- C:\Users\Melanie\Desktop\gmax12.exe
[2010.05.28 07:31:00 | 000,000,012 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\vqdlkr.dat
[2010.05.09 19:22:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.02.24 12:57:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.23 14:50:06 | 000,005,972 | ---- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2009.11.14 18:33:49 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2009.11.03 16:13:34 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.01 16:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\FileOut.cns
[2009.11.01 16:35:56 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\FileIn.cns
[2009.07.06 13:27:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.05 12:07:49 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.07 18:47:01 | 000,000,194 | ---- | C] () -- C:\Windows\Sierra.ini
[2008.10.05 00:05:18 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\wklnhst.dat
[2008.10.04 21:55:48 | 000,083,968 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 18:43:58 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.09.10 09:12:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.09.10 09:10:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.10 09:10:18 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.09.10 09:09:20 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.07 01:01:19 | 000,121,562 | ---- | C] () -- C:\Windows\System32\PicFormat32.dll
[2003.07.13 05:40:28 | 000,217,088 | ---- | C] () -- C:\Windows\System32\SAWZipNG.dll
[2002.03.13 07:46:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.11.10 16:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
========== LOP Check ==========
 
[2008.12.22 23:14:43 | 000,000,000 | -HSD | M] -- C:\Users\Melanie\AppData\Roaming\.#
[2008.10.08 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Acer
[2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Acer GameZone Console
[2008.10.12 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Big Fish Games
[2009.11.03 16:13:09 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\DAEMON Tools Pro
[2008.10.04 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\eSobi
[2008.10.10 18:12:11 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\FloodLightGames
[2008.10.15 23:19:55 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Gaijin Ent
[2008.10.10 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Gearbox Software
[2010.06.02 15:03:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\GHISLER
[2010.05.22 21:45:18 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ICQ
[2008.10.13 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\iWin
[2010.05.09 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\MAGIX
[2010.09.06 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Nokia
[2010.08.25 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PC Suite
[2008.10.11 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\PlayFirst
[2009.12.21 09:29:22 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\temp
[2008.10.05 00:05:56 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Template
[2010.03.12 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\TuneUp Software
[2010.03.15 12:20:46 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Uniblue
[2010.09.07 08:40:01 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010.09.06 20:59:55 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9
< End of report >

--- --- ---

Extras-Editor

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.09.2010 09:49:58 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 8,27 Gb Free Space | 5,74% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 144,02 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MELANIE-PC
Current User Name: Melanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B0CCEC36-0F68-4200-9333-07ABDC9E6849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B3743900-03CE-48DB-AB35-E7E997A036C3}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046CAE90-41BD-4DFF-9F66-69CBDABEA0DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0515AB49-D391-4A91-8DAF-53C4D3C2F355}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{057C4092-4B25-4539-939B-63111302ADC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AA0CB6D-250A-497E-896F-CC4E0E01269B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0C6E0F10-7302-4C2B-8930-67DB8668572A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{0E42E275-4EDB-4BE4-9107-69835DD8382A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1078D01E-5551-4BBA-B6D4-0A4CB6DB4C87}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{13B1B061-F775-40F5-BC17-822DAEDA0C4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{174BDFC6-5957-4BEA-BC23-14F8680CF8FD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{18F13C8A-2F99-4689-A939-5F2BEEEE4676}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B31B917-3FB6-4893-AEFB-86D65F402F3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F4BF65C-AD70-4820-A638-34912EDC82B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{201477B6-A117-44F3-A075-F09B1F3E8CC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2BD739EF-A368-40D8-8694-38C445AFF41E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CDCF5F8-6BE7-4195-B77A-DBE6DC9C8B00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D6C587F-53A7-41DA-A284-844F79B44E52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2DB9864A-7249-4E0B-9B05-84DF35F6E304}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2E12FE3B-F0BF-4E1B-875B-01449643E220}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E39948B-3696-4D57-A6BE-DC4061598B5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F95D4F7-1A70-4609-8797-1F4695C71702}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30B1BB7C-47DA-409F-9A46-272821AD65E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{31A2002C-2D07-4788-A180-D1FB7DF92E6E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{31EE60CF-0E6A-4F5E-A2B9-23EE956A20DA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{32C776B1-88B3-498B-BDDD-382E5DA221A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{34F8E6F2-3633-4471-8D44-EA6DD247C4BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{357157BD-043D-4229-97C7-6BEABC42647F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{381AAF77-5325-44C7-BBDF-1F1A67E76AC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3867FFCB-159C-405B-AB2E-64EEAB55BD47}" = protocol=6 | dir=in | app=c:\gamigo\snowboundonline\run.exe | 
"{38FE7F86-9D6B-43F3-A7D0-D452EB973705}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{39543FCA-E84E-4C40-BDBD-3AD976759DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F191BD8-E698-460A-8E8B-39B1F3923758}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40F6633E-C7F1-4B60-A140-293DB36D74F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{473D0EBB-ED72-4BCD-9868-A12242E9F7ED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4D013F74-3C09-499E-9EE2-04EC2B33842C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E03B8D7-3820-4ABB-B0FD-3C8D279BE0B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E68C5A0-5745-45E5-9D6F-310383B088EA}" = protocol=17 | dir=in | app=e:\libneap.dll | 
"{5042E790-1744-4447-AD2D-8B89F17ADD43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5426B4D8-11C5-4418-B531-70355A855A0D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5AD711F2-CD42-429E-818E-E2A72FAD3FF2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{5EB66F48-0DF4-49AE-8897-76AEDA2FA512}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F445A37-1343-4DEB-A2C3-B705E4382C35}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{623F3F0C-96E3-4507-BC2C-6751D634CA79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{663E24DB-746F-4613-A025-711B5352DF9A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6698C2B0-0C8C-4BB4-AC2D-76CBD39FA84B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66EB64F4-4600-4C86-B478-2BC2E528FDAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{686C827B-3F1E-4B91-834A-B92FBE144655}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{69E15D11-2F91-4A1A-BA60-6DFB87DF6DBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C6D270D-9A2E-495B-B7B3-20CCAC190787}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6CAD8071-31AD-4DBA-B819-2FEE6DD0200E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6CD629A3-AF4A-4EE4-B3DB-759E3ED6EEA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{74BEE852-5C5F-4F60-9C63-6033F6513F06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{785670C8-D6E0-41A8-B487-054B9F423C3A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7C0A7420-F5A9-4FB3-A313-79B5B5F94228}" = protocol=6 | dir=in | app=e:\libneap.dll | 
"{7EC7D901-F7A4-4E8A-8BEF-B0AA9FB84F81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A242C81-33AC-4B6C-9D23-50A4360AC30C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8AF0D93E-83E2-460D-B674-27487D45D47D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B2B9469-10B8-4B65-9139-D84FB2585854}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B3488E5-E66D-4C64-A6D6-400D01F097BA}" = protocol=17 | dir=in | app=e:\dwizard615.exe | 
"{912C173F-76FA-43A2-9A1B-1217ADBCA054}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{92199FC9-675B-41DD-A674-A697D6DF84FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E00047A-456B-4324-9237-5B8996187512}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A14FF724-1692-4982-9999-8DDA3BD64CF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A7898854-4855-42AD-A680-595A87E9CCC5}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{A7F136AA-66E0-4782-AD73-4100136243C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ABE5CFA9-8510-4F6C-A17F-FA7AF7F79FBF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5195AB3-74D6-41FD-AC3E-F13518F4641A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7750CF6-AD6A-4023-B1F8-4AFF7CC5C0E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B77F9E97-92E6-4165-8073-C25B985F7ABA}" = protocol=17 | dir=in | app=c:\gamigo\snowboundonline\run.exe | 
"{C120845B-15ED-4155-878E-ABE812208B34}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C815E185-D1CB-49C9-ADE5-0C3CA3A3EC04}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{C9361CDA-5327-41E0-986C-6AC76875DDCA}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{CAE458B9-6B41-469F-81C2-009550143045}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD04A254-A2E8-4ADB-96D2-91074CD83499}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{D4B234B0-B109-4106-8A6F-C16FC6F18713}" = protocol=6 | dir=in | app=e:\dwizard615.exe | 
"{D5CB2415-F15F-4148-88D8-73081C54F0D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D72A2A13-2176-4554-B5AB-EC4DCC6F27CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D89BC81B-F048-4FFE-A0FC-7F79DCDDF241}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DBF97DF8-19E3-4347-9A10-EBB5EAE7D1D3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DC5A5504-5DBC-44E1-9F93-576CA513434C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DFCE3B1E-5608-4F48-9692-11E4FE1FB82D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E951B1DB-74A9-4390-A214-B7CC94EA1A66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9BB441F-C6F6-4FBD-A10D-C7B17E32BEB5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9D31E29-0BE1-4F04-8955-5B8661B6F271}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF8F2DCF-6C91-4317-9FFF-5F6773A7FD87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F25B8834-D667-4269-B7F7-932B44911059}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F39D629A-C59F-4EFE-8701-1FB8572EA983}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F85931DE-2FCE-4B1D-9202-52E3324F2007}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F96C5476-AEE3-4280-A7D4-5953188EFA71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0A04BDCF-CCDA-4B29-B6B4-20626F0EA5B5}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"TCP Query User{2986400D-C5D6-486C-9ADD-CDE44E75D3ED}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3574FA08-1F87-4ED2-B8DC-3A7BEFF021B0}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=6 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"TCP Query User{4BF1F50E-E8AF-4079-BEEA-27C2A6AC8D50}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{A4685A39-4761-488F-AEEE-68E338D03644}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"TCP Query User{E79382BD-A4B3-499A-802B-41D15751A6B6}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{0894D49F-80BA-4011-A4BB-59E5B5CB123C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{54B5A8BF-7CE4-41F3-B3CD-51C0929F8BD8}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"UDP Query User{5763FB3E-FBCE-4FE8-A52D-332677094EA9}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{9410DC36-2531-4B37-AC81-84863F76C926}C:\program files\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{CA796A13-5E4C-43B8-BCCD-510B80B436E6}C:\program files\activision value\world series of poker toc\wsoptoc.exe" = protocol=17 | dir=in | app=c:\program files\activision value\world series of poker toc\wsoptoc.exe | 
"UDP Query User{FEAD0ED5-B023-4930-A4EB-EEA445753E6A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1D049523-F355-4848-AB92-0CB5AC9409AF}_is1" = SnowBound Online v2.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.7.0519
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79AE77D7-7E8C-4A98-B32B-A941736DBFA6}_is1" = Texas Hold'em Poker - Royal-Flush-Edition 2007
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8226A577-657C-4961-8DDC-EAC8DF61B465}" = Microsoft Train Simulator gmax Gamepack
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16ECDF4-DA6F-418F-947A-C1652B5CFD96}" = SweetIM for Messenger 2.7
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"AceIt_is1" = AceIt v1.3.1
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Big Fun Maxi Minigolf" = Big Fun Maxi Minigolf
"BrothersInArms" = Brothers In Arms
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Convoi" = Convoi 1.50
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"H-Start Bc fekvõhelyes kocsi" = H-Start Bc fekvõhelyes kocsi
"H-Start WLAB hálókocsi" = H-Start WLAB hálókocsi
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MÁV-Start Bd Telepítõ program" = MÁV-Start Bd Telepítõ program
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSTS Activity Mover_is1" = MSTS Activity Mover, 1.0
"Need4 Software Launcher" = Need4 Software Launcher 7.1
"Need4 Video Converter 7" = Need4 Video Converter 7
"Nokia PC Suite" = Nokia PC Suite
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TGATool2A_is1" = TGATool2A version 4.00.34
"The route Bratislava-Brno-Praha for MSTS_is1" = The route Bratislava-Brno-Praha for MSTS version from  BP 77 / 
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store (German Language Pack)" = Train Store (German Language Pack)
"Train Store V3.2" = Train Store V3.2
"TranslatorBar_1.2 Toolbar" = TranslatorBar 1.2 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World Series of Poker TOC" = World Series of Poker: TOC
"Yahoo! Companion" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyProduct" = MyProduct
"Route_Riter v7.5" = Route_Riter v7.5
"Tiszántúl 2" = Tiszántúl 2
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2010 23:51:58 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.05.2010 23:52:02 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.05.2010 23:52:02 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 13:56:23 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2010 13:56:27 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 13:56:27 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 14:03:26 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2010 14:04:48 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2010 14:04:51 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.05.2010 14:04:51 | Computer Name = Melanie-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 05.09.2010 05:07:19 | Computer Name = Melanie-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 05.09.2010 05:07:19 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.09.2010 05:07:19 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 05.09.2010 14:34:31 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.09.2010 14:34:31 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 05.09.2010 14:36:53 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.09.2010 14:36:53 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 06.09.2010 00:02:51 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.09.2010 13:19:09 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.09.2010 15:05:16 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 12.06.2010 15:01:08 | Computer Name = Melanie-PC | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >

--- --- ---

Ich hoffe, damit kann man schon was anfangen? Nachdem der Lappi wieder hochgefahren wurde, kam eine Meldung, das irgendwas im Programm geändert wurde.
Vielen Dank im voraus.

Viele Grüße

Chris4You · 07.09.2010, 10:04

Hi,

wer oder was hat den Laptop runtergefahren? Windows oder MAM nach dem Scannen?

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Windows\system32\krnlnify.dll
C:\Windows\System32\NTIOFM4.dll
C:\Windows\System32\NTIBUN5.dll
e:\libneap.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Achtung: Die ersten zwei Files sind hidden!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
O36 - AppCertDlls: NAPSywiz - (C:\Windows\system32\krnlnify.dll) - C:\Windows\System32\krnlnify.dll File not found
[2010.08.12 20:24:58 | 000,004,110 | ---- | M] () -- C:\ProgramData\xqkcebzs.dik
[2010.08.12 20:25:26 | 000,005,056 | ---- | M] () -- C:\ProgramData\drctchbl.xvi
[2010.05.28 07:31:00 | 000,000,012 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\vqdlkr.dat

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Lass unbedingt GMER laufen...

Zusätzlich noch:

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

chris

Kékfrankos · 07.09.2010, 10:41

Hallo,

der Laptop wurde schier unscheinbar ohne Fremdeinwirkung heruntergefahren. Zumindest nicht durch mich.
Und bei Virtustotal muss ich ja auf "Search" klicken. Da kam bei allen 4 Dateien "Not found". Ist das normal.

MBR-Check

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):
0x82643000 \SystemRoot\system32\ntkrnlpa.exe
0x82610000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047D000 \SystemRoot\system32\PSHED.dll
0x8048E000 \SystemRoot\system32\BOOTVID.dll
0x80496000 \SystemRoot\system32\CLFS.SYS
0x804D7000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\System32\Drivers\spup.sys
0x8078F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80798000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x805B7000 \SystemRoot\system32\drivers\acpi.sys
0x807BE000 \SystemRoot\system32\drivers\msisadrv.sys
0x807C6000 \SystemRoot\system32\drivers\pci.sys
0x807ED000 \SystemRoot\System32\drivers\partmgr.sys
0x807FC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A40A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A414000 \SystemRoot\system32\drivers\volmgr.sys
0x8A423000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A46D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A47D000 \SystemRoot\System32\Drivers\UBHelper.sys
0x8A485000 \SystemRoot\system32\drivers\atapi.sys
0x8A48D000 \SystemRoot\system32\drivers\ataport.SYS
0x8A4AB000 \SystemRoot\system32\drivers\msahci.sys
0x8A4B5000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A4C3000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A4F5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A505000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8A50E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A602000 \SystemRoot\system32\drivers\ndis.sys
0x8A70D000 \SystemRoot\system32\drivers\msrpc.sys
0x8A738000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A80A000 \SystemRoot\System32\drivers\tcpip.sys
0x8A8F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AA0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB1C000 \SystemRoot\system32\drivers\volsnap.sys
0x8AB55000 \SystemRoot\System32\Drivers\spldr.sys
0x8AB5D000 \SystemRoot\System32\Drivers\mup.sys
0x8AB6C000 \SystemRoot\System32\drivers\ecache.sys
0x8AB93000 \SystemRoot\system32\drivers\disk.sys
0x8ABA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8ABC5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8ABF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F403000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8FAE7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FB88000 \SystemRoot\System32\drivers\watchdog.sys
0x8FB94000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FB9F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FBDD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A90F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A99C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8FC0A000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8FD0C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8FD10000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FD23000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8FD2D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FD38000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FD67000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FD69000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FD74000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FD8C000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FD94000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8FD9D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8FDAC000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A773000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FDDB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FDE6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

OTL wurde auch ausgeführt.

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\NAPSywiz:C:\Windows\system32\krnlnify.dll deleted successfully.
C:\ProgramData\xqkcebzs.dik moved successfully.
C:\ProgramData\drctchbl.xvi moved successfully.
C:\Users\Melanie\AppData\Roaming\vqdlkr.dat moved successfully.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melanie
->Temp folder emptied: 306820804 bytes
->Temporary Internet Files folder emptied: 52810998 bytes
->Java cache emptied: 52144375 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 292205 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5906401 bytes
RecycleBin emptied: 50409058 bytes

Total Files Cleaned = 448,00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 09072010_112415

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

GMER

Zitat:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-09-07 11:40:38
Windows 6.0.6002 Service Pack 2
Running: qeze52ry.exe; Driver: C:\Users\Melanie\AppData\Local\Temp\pwldifow.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 858AF1F8
Device \FileSystem\fastfat \Fat 86FD61F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Hoffe das ist alles so richtig.
Vielen Dank.

Chris4You · 07.09.2010, 11:36

Hi,

kopiere bei Virustotal den Pfad mit file gleich in das eingabefeld...
Also z. B. C:\Windows\system32\krnlnify.dll markieren, kopieren und in das Eingabefeld bei virustotal einfügen (strg+v)...

Taucht der Fehler noch auf?

chris

Backdoorprogramm auf Laptop

Antiviren-, Firewall- und andere Schutzprogramme: Backdoorprogramm auf Laptop