Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antivir Fund: TR/kazy.2369.1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.10.2010, 18:11   #1
Nightbreed
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



Liebes Trojaner Board Team,

als ich meinen PC vorhin einschaltete, meldete sich Antivir sofort mit einem Fund in: C:/Users/***/Appdata/Roaming/appconfig32.exe . Es fand Folgendes: TR/Kazy.2369.1
Hab ich dann in Quarantäne verschoben.

MBAM Log:


Datenbank Version: 4998

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

30.10.2010 17:59:50
mbam-log-2010-10-30 (17-59-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142363
Laufzeit: 6 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.


defogger_disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:05 on 30/10/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


Nach einem Neustart startete ich Gmer.exe (als Admin, alle Programme geschlossen, Antivir geschlossen, Internetverbindung getrennt)

Ca. 5 Minuten nach Scanstart kam folgende Meldung:

gmer.exe funktioniert nicht mehr

Das Programm wird aufgrund einens Problems nicht richtig
ausgeführt. Das Programm wird geschlossen und Sie werden
benachrichtigt, wenn eine Lösung verfügbar ist.

Ich versuchte das Programm nochmals zu starten, doch alles was ich sah, war ein Bluescreen. Nach erneutem Neustart die dazugehörige Meldung von Windows:

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6002.2.2.0.768.3
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82291D95
BCP3: AE22AA54
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini103010-02.dmp
C:\Users\***\AppData\Local\Temp\WER-48906-0.sysdata.xml
C:\Users\***\AppData\Local\Temp\WER1238.tmp.version.txt

Lesen Sie unsere Datenschutzrichtlinie:
hxxp://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0407


OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.10.2010 18:42:13 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 119,42 Gb Free Space | 53,52% Space Free | Partition Type: NTFS
Drive D: | 700,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.30 17:48:14 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Tom\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.10.30 17:36:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.22 13:02:26 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.02.06 13:39:06 | 004,853,760 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe
PRC - [2010.02.01 23:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 23:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.25 12:46:12 | 000,928,768 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2010.01.22 12:35:32 | 000,319,574 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2010.01.22 12:33:26 | 000,102,503 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2010.01.22 12:31:54 | 000,143,467 | ---- | M] (IVT Corporation) -- C:\Programme\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.25 03:47:04 | 001,069,576 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2009.06.23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.06.23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.05.14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.05.13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.19 04:39:58 | 006,793,760 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.02.01 08:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint2K\Hidfind.exe
PRC - [2009.01.21 01:41:24 | 000,202,024 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2009.01.21 01:41:18 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.01.10 00:23:42 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.12.26 17:30:58 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.10.21 16:30:54 | 007,892,992 | ---- | M] (Convesoft) -- C:\Programme\Convesoft\Orion\Messenger.exe
PRC - [2008.09.23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.30 17:36:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
MOD - [2010.10.04 16:36:09 | 000,050,688 | -H-- | M] () -- C:\Windows\System32\Presdt32.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.09.25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.06.23 17:19:38 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll
MOD - [2009.05.14 23:03:00 | 000,268,584 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\sysenv.dll
MOD - [2009.05.14 23:02:48 | 000,120,104 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 08:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 04:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 04:23:54 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008.01.21 04:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.01.25 12:46:12 | 000,928,768 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2010.01.22 12:33:26 | 000,102,503 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2010.01.22 12:31:54 | 000,143,467 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Programme\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.05.14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.12.18 14:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.09.23 15:11:34 | 000,144,632 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.09.23 15:11:32 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.09.08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.01.21 02:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 02:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 02:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.07.08 11:17:36 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2009.06.23 09:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.06.17 15:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2009.06.17 15:02:40 | 000,017,928 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2009.06.17 15:01:42 | 000,025,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2009.06.17 15:01:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009.06.17 15:01:10 | 000,032,392 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2009.06.17 15:01:04 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.26 21:14:32 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2009.03.26 01:48:32 | 000,015,360 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009.02.23 04:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.02.19 04:30:38 | 002,323,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.12 18:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.12.23 20:43:54 | 002,476,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.12.04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008.12.04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.12.04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008.09.22 15:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.31 03:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:23 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
FF - prefs.js..network.proxy.http: "139.7.29.1"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Tom\AppData\Roaming\5006 [2010.10.18 13:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 13:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 13:59:29 | 000,000,000 | ---D | M]
 
[2010.01.26 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.30 18:40:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vtpkqos1.default\extensions
[2010.02.02 16:01:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\vtpkqos1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.30 18:40:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.28 22:38:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 22:38:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 22:38:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 22:38:54 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 22:38:54 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Programme\Convesoft\Orion\Messenger.exe (Convesoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.01.17 18:48:52 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6f170c97-1efe-11df-89c9-001167c79378}\Shell - "" = AutoRun
O33 - MountPoints2\{6f170c97-1efe-11df-89c9-001167c79378}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{76999dba-804f-11de-81b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{76999dba-804f-11de-81b6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SCREENFUN.exe -- [2003.03.28 17:16:28 | 002,904,064 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: comp_ssp - (C:\Windows\system32\Presdt32.dll) - C:\Windows\System32\Presdt32.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.30 18:15:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.30 17:51:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.30 17:51:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.30 17:37:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.30 17:37:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.30 17:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.30 17:37:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.30 17:37:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.30 17:36:48 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.10.30 17:36:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.30 17:36:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.18 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Softplicity
[2010.10.18 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2010.10.18 13:38:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5006
[2010.10.18 13:38:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2010.10.18 13:38:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\cock
[2010.01.26 22:14:29 | 001,454,080 | ---- | C] (BioWare Corp.) -- C:\Programme\nwupdate.exe
[2010.01.26 22:14:28 | 006,717,952 | ---- | C] (BioWare Corp.) -- C:\Programme\nwtoolset.exe
[2010.01.26 22:14:28 | 001,998,848 | ---- | C] (Bioware Corp.) -- C:\Programme\nwserver.exe
[2010.01.26 22:14:26 | 006,458,368 | ---- | C] (BioWare Corp.) -- C:\Programme\nwn.exe
[2010.01.26 22:14:25 | 005,270,995 | ---- | C] (Bioware Corp.) -- C:\Programme\nwmain.exe
[2010.01.26 22:14:25 | 000,958,464 | ---- | C] (BioWare Corp.) -- C:\Programme\nwconfig.exe
[2009.08.04 03:52:21 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.30 18:41:33 | 000,019,769 | ---- | M] () -- C:\Users\***\Desktop\tr.odt
[2010.10.30 18:29:15 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.30 18:29:15 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.30 18:29:15 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.30 18:29:15 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.30 18:24:12 | 000,002,040 | ---- | M] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010.10.30 18:24:11 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.30 18:24:05 | 000,001,100 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010.10.30 18:23:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.30 18:23:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.30 18:23:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.30 18:23:45 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.30 18:23:44 | 249,514,468 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.30 18:21:24 | 000,220,027 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.jpg
[2010.10.30 18:05:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.10.30 17:55:05 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.30 17:51:30 | 000,000,737 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.10.30 17:51:30 | 000,000,718 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.10.30 17:37:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.30 17:36:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.30 17:36:15 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.10.30 17:36:14 | 000,286,404 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.10.28 22:02:28 | 000,000,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2010.10.26 23:56:07 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.10.24 13:23:47 | 000,074,240 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe
[2010.10.18 18:54:23 | 000,000,265 | ---- | M] () -- C:\Users\***\Goya.ini
[2010.10.18 18:54:23 | 000,000,130 | ---- | M] () -- C:\Windows\Goya.INI
[2010.10.18 18:53:09 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI
[2010.10.18 16:33:45 | 000,000,944 | ---- | M] () -- C:\Users\***\Desktop\Total Audio Converter.lnk
[2010.10.15 20:31:47 | 000,347,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010.10.07 21:45:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.10.04 16:36:09 | 000,050,688 | -H-- | M] () -- C:\Windows\System32\Presdt32.dll
[2010.10.03 12:04:40 | 000,006,080 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.10.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.30 18:21:24 | 000,220,027 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.jpg
[2010.10.30 18:15:08 | 249,514,468 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.30 18:05:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.10.30 17:51:30 | 000,000,737 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.10.30 17:51:30 | 000,000,718 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.10.30 17:37:26 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.30 17:36:14 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.10.30 17:36:13 | 000,286,404 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.10.30 17:35:24 | 000,019,769 | ---- | C] () -- C:\Users\***\Desktop\tr.odt
[2010.10.20 18:33:11 | 000,000,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2010.10.19 16:00:08 | 000,294,912 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.10.18 16:33:45 | 000,000,944 | ---- | C] () -- C:\Users\***\Desktop\Total Audio Converter.lnk
[2010.10.18 13:38:16 | 000,000,065 | ---- | C] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe.txt
[2010.10.07 21:45:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
[2010.10.04 16:36:09 | 000,050,688 | -H-- | C] () -- C:\Windows\System32\Presdt32.dll
[2010.03.12 00:49:32 | 000,002,040 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2010.03.12 00:49:29 | 000,000,098 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2010.03.12 00:46:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2010.02.24 00:43:23 | 000,000,130 | ---- | C] () -- C:\Windows\Goya.INI
[2010.02.16 22:24:43 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.02.08 18:40:57 | 000,001,731 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.02.08 15:38:07 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2010.01.29 18:08:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.29 01:08:37 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2010.01.29 00:37:49 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.01.29 00:19:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.29 00:18:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.28 00:22:33 | 000,006,080 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.01.26 22:33:57 | 000,001,632 | ---- | C] () -- C:\Programme\nwnplayer.ini
[2010.01.26 22:31:24 | 000,001,026 | ---- | C] () -- C:\Programme\nwconfig.ini
[2010.01.26 22:29:41 | 000,001,037 | ---- | C] () -- C:\Programme\nwn.ini
[2010.01.26 22:14:29 | 000,197,120 | ---- | C] () -- C:\Programme\Patchw32.dll
[2010.01.26 22:14:29 | 000,001,378 | ---- | C] () -- C:\Programme\nwtoolset.ini
[2010.01.26 22:14:28 | 000,000,024 | ---- | C] () -- C:\Programme\nwnpatch.ini
[2010.01.26 22:14:25 | 000,593,408 | ---- | C] () -- C:\Programme\nwloader.exe
[2010.01.26 22:14:25 | 000,348,160 | ---- | C] () -- C:\Programme\Mss32.dll
[2010.01.26 22:14:24 | 008,253,580 | ---- | C] () -- C:\Programme\dialogF.TLK
[2010.01.26 22:14:23 | 008,253,418 | ---- | C] () -- C:\Programme\dialog.TLK
[2010.01.26 22:14:23 | 000,965,865 | ---- | C] () -- C:\Programme\chitin.key
[2010.01.26 22:14:23 | 000,357,939 | ---- | C] () -- C:\Programme\binkw32.dll
[2010.01.26 22:13:02 | 000,000,380 | ---- | C] () -- C:\Programme\nwncdkey.ini
[2010.01.26 21:29:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.01.26 21:29:28 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.01.26 18:13:26 | 000,074,240 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 12:46:18 | 000,001,100 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2010.01.22 12:31:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2010.01.22 11:04:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2009.08.04 03:38:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.08.04 03:38:23 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.08.03 19:22:09 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.06.17 15:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,536 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.03.05 21:30:25 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.10.18 13:38:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5006
[2009.08.03 19:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acer GameZone Console
[2010.10.18 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cock
[2010.03.05 21:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EA
[2010.04.07 11:06:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi
[2010.07.13 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FrostWire
[2010.10.30 18:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.01.29 01:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.02.24 21:45:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.01.26 18:05:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2010.01.29 01:08:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc
[2010.06.03 15:26:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza
[2010.10.18 16:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity
[2010.10.29 13:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2010.02.08 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2010.10.29 23:26:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2010.10.15 01:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010.10.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010.10.30 18:00:28 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.02.06 01:25:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.30 18:23:45 | 3146,604,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.30 18:23:44 | 3460,395,008 | -HS- | M] () -- C:\pagefile.sys
[2009.07.24 18:35:06 | 000,012,479 | -HS- | M] () -- C:\Patch.rev
[2009.03.12 15:05:01 | 000,000,147 | RHS- | M] () -- C:\Preload.rev
[2009.08.03 19:07:45 | 000,002,498 | ---- | M] () -- C:\RHDSetup.log
[2010.01.15 17:06:17 | 000,000,000 | ---- | M] () -- C:\_wdsuef.dmp
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.02.11 17:10:08 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007.03.28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.04.17 01:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2002.05.16 13:48:36 | 000,357,939 | ---- | M] () -- C:\Programme\binkw32.dll
[2002.06.06 14:10:52 | 000,965,865 | ---- | M] () -- C:\Programme\chitin.key
[2010.10.30 18:25:49 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
[2002.06.10 00:24:40 | 008,253,418 | ---- | M] () -- C:\Programme\dialog.TLK
[2002.06.10 00:24:40 | 008,253,580 | ---- | M] () -- C:\Programme\dialogF.TLK
[2001.10.16 17:55:52 | 000,348,160 | ---- | M] () -- C:\Programme\Mss32.dll
[2002.06.08 15:12:22 | 000,958,464 | ---- | M] (BioWare Corp.) -- C:\Programme\nwconfig.exe
[2010.01.26 22:32:27 | 000,001,026 | ---- | M] () -- C:\Programme\nwconfig.ini
[2002.06.06 22:02:38 | 000,593,408 | ---- | M] () -- C:\Programme\nwloader.exe
[2002.06.12 01:59:52 | 005,270,995 | ---- | M] (Bioware Corp.) -- C:\Programme\nwmain.exe
[2002.06.11 18:35:22 | 006,458,368 | ---- | M] (BioWare Corp.) -- C:\Programme\nwn.exe
[2010.01.29 17:23:47 | 000,001,037 | ---- | M] () -- C:\Programme\nwn.ini
[2010.01.26 22:13:02 | 000,000,380 | ---- | M] () -- C:\Programme\nwncdkey.ini
[2002.04.25 17:33:10 | 000,000,024 | ---- | M] () -- C:\Programme\nwnpatch.ini
[2010.01.29 17:43:08 | 000,001,632 | ---- | M] () -- C:\Programme\nwnplayer.ini
[2002.06.12 01:49:46 | 001,998,848 | ---- | M] (Bioware Corp.) -- C:\Programme\nwserver.exe
[2002.06.11 23:48:44 | 006,717,952 | ---- | M] (BioWare Corp.) -- C:\Programme\nwtoolset.exe
[2002.06.07 20:33:10 | 000,001,378 | ---- | M] () -- C:\Programme\nwtoolset.ini
[2002.06.09 17:10:22 | 001,454,080 | ---- | M] (BioWare Corp.) -- C:\Programme\nwupdate.exe
[2002.02.27 19:50:00 | 000,197,120 | ---- | M] () -- C:\Programme\Patchw32.dll
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Elements\patch\QFE\KB958624\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.08.04 03:43:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Elements\patch\QFE\KB958624\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.08.04 03:43:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Elements\patch\QFE\KB958624\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.08.04 03:43:34 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Elements\patch\QFE\KB958624\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2009.08.04 03:43:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-27 05:18:54
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Tom\Music:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\Tom\Downloads:Shareaza.GUID
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8750DCE4
 
< End of report >
         
--- --- ---


Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.10.2010 18:42:13 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Tom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 119,42 Gb Free Space | 53,52% Space Free | Partition Type: NTFS
Drive D: | 700,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11226E7B-4842-4369-8107-01B396860127}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1629A393-4BFB-40B2-A3AF-59927CA7A2AC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{34034550-19B1-4498-9EB2-976FC7AFA00C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{346C81F8-F7C5-40EF-A215-F5438124C1D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{418632F9-2316-4F34-944C-3D38158C1755}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{73C77E05-9448-4B5D-B51A-C3D42848C011}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7EB2D6BB-DAA2-4EF4-9413-6A04B995B14C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EA1C592-9DAC-436A-8960-E3E6CE4B0EA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A95C914D-C111-49E0-8E37-269FCDF0123C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B207F36B-DBFE-4446-B197-F1237B0A96A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E3992CB8-7C8C-4782-A31D-8648850FC787}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E4891793-C8A1-497B-A480-3DB36409ED68}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0469A020-E09C-4EC4-AEBC-35071A2724D7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0C7E61BD-68CE-4BEE-8569-1CB79428524C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{208C4739-060E-43E8-8115-61366CC25023}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{2322FF58-EDE6-4430-8735-5520DAC75EF7}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{2E9A2AEA-200F-4904-8147-0395602C2B7E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{47612632-AA2A-453A-97C0-D0A2EACBD35F}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe | 
"{494F2D35-CA57-424F-9F02-77046873CC06}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{4C950FA1-7054-4788-86E1-31516BCBA3E1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6072A242-AB75-48E9-BD07-D9D115C6E447}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{60F58D96-FEB5-4734-9F45-F67B61A5B2C0}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{75BFA8EA-7D3D-4852-81DF-AFDDF1B9F382}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe | 
"{767912B0-A607-4DCD-AC41-873EA454A981}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7C1886C8-B193-4193-936E-7231F1E60B88}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{91B9E36C-3D2E-42C8-9CCA-D18C57C6B08E}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{96C11CA6-84DB-4D58-B2C8-98F463EBA933}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{97699849-63CB-4A5C-A640-AF9D34C75FDA}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A522D08C-2957-409B-8B09-1E677966D3F0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A537B6C3-D981-4413-972B-3DA9D75BB49C}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{BA8B038C-AD0E-45A1-9488-981FC11ABC45}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C86AB242-DD64-495E-ACB5-55FD6CB0930D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{CFCA8C9D-4E16-46DF-872E-43A68BBC4A11}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E4512163-624D-437C-8CF5-54D457F68D48}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{EB959111-CF3A-4F42-8F74-E67FD04146B8}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{FD882B5D-E4F3-4862-82B8-2D67CBDABB0B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{E4AC9495-B076-4600-AF07-E7075AF5A1EA}C:\users\tom\appdata\local\temp\temp1_patches,trainer,editor,etc-1.zip\patches,trainer,editor,etc\patches\rctrec.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\temp1_patches,trainer,editor,etc-1.zip\patches,trainer,editor,etc\patches\rctrec.exe | 
"UDP Query User{3E595285-874C-4A53-B919-4C07FD8F4C78}C:\users\***\appdata\local\temp\temp1_patches,trainer,editor,etc-1.zip\patches,trainer,editor,etc\patches\rctrec.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\temp1_patches,trainer,editor,etc-1.zip\patches,trainer,editor,etc\patches\rctrec.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D15456-F679-4AD4-8BD2-56450D4C3F72}" = WarRock
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18B0210F-7B11-45C4-9F9D-5366D7160AB0}" = WER WIRD MILLIONÄR - JUNIOR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FD0CA9-884F-4525-97B8-0AE6179302E6}" = F2100
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B53848F1-8708-4270-AFB0-C58574055F40}" = BlueSoleil 6.4.299.0
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDC7BEC8-D631-4e36-81D7-FC3689209AA6}" = F2100_Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB48851B-96A4-489f-9F95-29F3731E9764}" = F2100_doccd
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"FrostWire" = FrostWire 4.20.5
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"LManager" = Launch Manager
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 D" = MAGIX Music Maker 15 15.0.0.19 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
"Patrimonium_is1" = Patrimonium Akt 1+2
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RollerCoaster Tycoon Setup" = Roll
"Shareaza_is1" = Shareaza 2.5.2.0
"Total Audio Converter_is1" = TotalAudioConverter
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Ich hoff ihr könnt mir helfen.
Bedanke mich schon im Vorraus,
Nightbreed

Alt 30.10.2010, 18:18   #2
markusg
/// Malware-holic
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
O36 - AppCertDlls: comp_ssp - (C:\Windows\system32\Presdt32.dll) - C:\Windows\System32\Presdt32.dll ()
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten

öffne mein computer, c:\_OTL rechtsklick auf moved files und zu moved files.rar oder zip hinzufügen.
archiv zu uns hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

machst du onlinebanking oder ähnliches?
__________________


Alt 30.10.2010, 18:38   #3
Nightbreed
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



OtL- Log:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\comp_ssp:C:\Windows\system32\Presdt32.dll deleted successfully.
C:\Windows\System32\Presdt32.dll moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Flash cache emptied: 434 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 598794 bytes
->Temporary Internet Files folder emptied: 2231103 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32512486 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11721 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10302010_193119

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




edit: Nicht richtiges Online Banking, das mach ich an einem anderen Computer. Ich logge mich aber auf der Sparkassen Seite ein um meinen Kontostand einzusehen. Das letzte Mal allerdings vor über einem Monat.
__________________

Geändert von Nightbreed (30.10.2010 um 18:41 Uhr) Grund: vergessen

Alt 30.10.2010, 19:06   #4
markusg
/// Malware-holic
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



hmm
auch wenn du den pc nur nutzen willst, um auf deiner bank seite nachzusehen, wäre dann ein format c: mit anschließendem absichern das sicherste.
du hast da einiges an malware drauf und das bs ist dann nicht mehr vertrauenswürdig.
ich würd dir dazu ne anleitung geben.

Alt 30.10.2010, 19:12   #5
Nightbreed
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



Das wäre super.
Wie kann ich meine Dateien noch sichern?


Alt 30.10.2010, 19:14   #6
markusg
/// Malware-holic
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



deine dateien kannst du erst mal auf nen externen datenträger tun, festplatte, rolinge etc.
wenn du damit fertig bist, kannst du dich ja melden, dann gehts weiter

Alt 30.10.2010, 19:20   #7
Nightbreed
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



Okay.
Ist das denn nicht gefährlich? Könnte ich mich dann nicht wieder selbst anstecken mit der externen Festplatte oder so?

Alt 30.10.2010, 19:23   #8
markusg
/// Malware-holic
 
Antivir Fund: TR/kazy.2369.1 - Standard

Antivir Fund: TR/kazy.2369.1



nein kannst los legen.

Antwort

Themen zu Antivir Fund: TR/kazy.2369.1
0 bytes, 32 bit, 5 minuten, acroiehelpe.dll, alle programme, alternate, antivir, appconf32.exe, autorun, avgntflt.sys, avira, browser, components, corp./icp, defender, druck, error, excel.exe, firefox, firefox.exe, flash player, fontcache, helper, hilfreich, home, home premium, iastor.sys, install.exe, kazy trojaner, launch, location, locker, logfile, microsoft office word, minidump, mozilla, mywinlocker, national, nvstor.sys, office 2007, oldtimer, otl logfile, plug-in, port, programdata, realtek, registry, rundll, saver, searchplugins, security update, senden, shell32.dll, software, start menu, starten, svchost.exe, system, tr/kazy, tr/kazy.2369.1, trojaner, trojaner board, udp, usb 2.0, video converter, vista




Ähnliche Themen: Antivir Fund: TR/kazy.2369.1


  1. Windows 7: Fund mit Antivir
    Log-Analyse und Auswertung - 12.09.2014 (9)
  2. Fund von TR/PSW.Zbot.7439 und TR/Kazy.17952.100 mittels Avira AntiVir
    Log-Analyse und Auswertung - 01.03.2013 (15)
  3. AntiVir Fund: TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 10.05.2011 (19)
  4. Kazy Virus nur bei Antivir?
    Plagegeister aller Art und deren Bekämpfung - 09.05.2011 (4)
  5. Festplatte beschädigt. Private Daten sind in Gefahr. AntiVir Fund: TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (16)
  6. [FUND] TR/Kazy.mekml.1 auf meinem Laptop
    Log-Analyse und Auswertung - 29.04.2011 (29)
  7. Antivir findet TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 21.04.2011 (10)
  8. Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 20.04.2011 (25)
  9. CPU Auslastung 100% + Fund (AV): TR/Kazy+Osram HEUR/Crypted
    Plagegeister aller Art und deren Bekämpfung - 28.01.2011 (18)
  10. Verdächtiger Fund bei AntiVir
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (37)
  11. 'TR/Kazy.2369'!
    Plagegeister aller Art und deren Bekämpfung - 03.12.2010 (23)
  12. TR/Banker.MultiBanker.acv, TR/Banker/MultiBankerack und TR/Kazy.2369.7
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (1)
  13. AntiVir Fund tr/dynameter.dtc.562
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (7)
  14. Antivir Fund: TR/DROPPER.GEN
    Mülltonne - 31.10.2008 (0)
  15. fund von antivir
    Log-Analyse und Auswertung - 01.09.2008 (4)
  16. Was tun nach Fund? (antivir)
    Plagegeister aller Art und deren Bekämpfung - 21.07.2006 (5)
  17. Fund von Antivir
    Plagegeister aller Art und deren Bekämpfung - 17.07.2006 (8)

Zum Thema Antivir Fund: TR/kazy.2369.1 - Liebes Trojaner Board Team, als ich meinen PC vorhin einschaltete, meldete sich Antivir sofort mit einem Fund in: C:/Users/***/Appdata/Roaming/appconfig32.exe . Es fand Folgendes: TR/Kazy.2369.1 Hab ich dann in Quarantäne verschoben. - Antivir Fund: TR/kazy.2369.1...
Archiv
Du betrachtest: Antivir Fund: TR/kazy.2369.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.