Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows Recovery Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 26.04.2011, 19:15   #1
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Hallo,

da mich der Windows Recovery Trojaner nun auch getroffen hat, habe ich mich hier angemeldet.
Habe bereits ein Malwarebytes Scan durchlaufen lassen, dadurch wurden alle Infizierten Objekte Entfernt und der PC läuft auch wieder sehr gut.

Um ganz sicher zu gehen das der PC nun auch wirklich sauber ist, sende ich hier mal die Logfiles.

Malwarebytes Logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6439

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

25.04.2011 11:01:10
mbam-log-2011-04-25 (11-01-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158260
Laufzeit: 8 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efHhjWihQgMsG (Trojan.FakeAlert) -> Value: efHhjWihQgMsG -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\7\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\efhhjwihqgmsg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\7\AppData\Local\Temp\tmpE2D0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\7\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\7\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\7\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Und hier noch einer von heute:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6439

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26.04.2011 19:06:33
mbam-log-2011-04-26 (19-06-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 319761
Laufzeit: 1 Stunde(n), 18 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\7\downloads\76735\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Hoffe das ist so richtig!

Gruß

Geändert von Spirit_1 (26.04.2011 um 19:24 Uhr)

Alt 27.04.2011, 20:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 27.04.2011, 20:37   #3
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Hi,

hab noch 2 Logs:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6450

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

26.04.2011 21:59:05
mbam-log-2011-04-26 (21-59-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158721
Laufzeit: 9 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
--------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6458

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.04.2011 19:21:01
mbam-log-2011-04-27 (19-21-01).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158518
Laufzeit: 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Das sind alle.

Gruß
__________________

Alt 28.04.2011, 09:46   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.04.2011, 17:01   #5
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Hier die OTL Logs:

Extras.TxtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.04.2011 17:42:09 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\7\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 64,92 Gb Free Space | 44,99% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 92,51 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
 
Computer Name: KIMI | User Name: 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{89B4EF01-905C-48CC-8872-7CD20EB210A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B09B40B8-2806-4B86-BC13-27DA58073611}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00881F97-EAEE-41C6-9362-AA52A41144A8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{033BC8E4-C354-4D55-ADE3-F39FC15B3F74}" = protocol=6 | dir=in | app=d:\pc spiele\kane&lynch\kaneandlynch.exe | 
"{04C0D378-871B-4F17-AFDF-EB2B1D7B6ABD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{07912DAC-1A6D-40DD-9703-0AB05261B04A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{093992C2-433C-4715-AC56-2B01AE65B7C4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{0CDBB453-DBD9-44AC-B67F-DBC1BF9514D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{0EC49438-8F0A-4040-8AAA-ED4BC61678DF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{10667D16-2BA4-49AC-BC62-45D0DCFA505C}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{1676170B-0AB5-4149-A13D-DD55CABACF7A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{20369679-E082-4B56-9FC4-7570BD426636}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{2143CB3F-8F35-4251-8B36-FD1FE952FC09}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{2200A927-CF83-417B-A2C3-3CB547DAA989}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{2C6A8D8C-2D13-4677-A1FB-E3A555C89A2D}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe | 
"{2FFFD39F-7C72-41DD-8937-ADB64058E0B6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{37BD2B39-8B58-4E95-B74E-FF2BA84BCDDA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1196336032\ee\aolsoftware.exe | 
"{38CB3C76-78F5-40E6-8341-875F147C80B0}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{39443E23-F5FD-47F8-B5DA-67E9C37F124F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{39E3C019-5F90-48F7-A011-B8025F271307}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1196697833\ee\aolsoftware.exe | 
"{43508F5C-14B2-4717-B8E9-812ED9EF3C80}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{460BE376-DCC1-4871-A1DE-A9A3B96194BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{47D1AC52-BCFD-4F4A-BDD8-3996797F89C4}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | 
"{48F9ADA6-A0AE-4C0F-B6A4-06241AF57930}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe | 
"{50386EB2-5E44-44B7-8845-DBF78F691BEE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{57228C1A-A6AA-4B06-9883-AB1E0AC011FC}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{5A801C4C-1F29-45EC-97AD-337D691AB30B}" = protocol=6 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{5AC42AA5-6D84-4E8C-9821-34D39894D5A4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{5DC1544A-8A3C-414A-91F8-81558962B707}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{636E765D-F601-4434-95E3-EA7F449E6912}" = protocol=6 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{63E6DDD5-DF24-4277-B22E-EF744A6516A8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{65D26928-DBB0-4E15-BCC6-E007F284B925}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{69B34F51-06B3-416B-8219-A4A10B5C4805}" = protocol=17 | dir=in | app=d:\pc spiele\gears of war\binaries\wargame-g4wlive.exe | 
"{6AE190C0-5FC9-4D94-AB08-A41EFB502696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{6B390095-D23A-42C8-A42D-7D58CE2F9D53}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{6B8A43A4-2C83-4125-89BA-13ADE7341EC2}" = protocol=17 | dir=in | app=d:\pc spiele\fear\fear.exe | 
"{6C59307C-9890-492E-8569-A4FCC4F3C202}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe | 
"{6D39FA59-0F18-404B-BF67-6932BA53B884}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{6E8E2A86-5796-4529-A666-0CEA2C4CEDB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{716E9D8B-1810-431A-9B8E-B3661080BCA0}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{72FEEEAD-578B-46CE-8A9A-FEB86D175EFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{739CFEB8-9D58-4C4C-AB81-3682ACEAE42D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{753F0EA5-B71C-45BF-AD80-57EEA5472313}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{7B2ADEC2-7FC6-421B-8A2C-AC9D38A5CCE6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{8042BB3C-8AC9-4A71-86DD-70E0D936FDE8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{85EF2E3C-CBCE-4655-B0FC-F29C1896D550}" = protocol=17 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{88B4323A-EF28-45CD-A4CB-651A2552C875}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{8B61664C-D979-4CF3-BBC2-203E2637756C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{8FC66E8E-A274-4EC9-A4A0-04AF95BD1BB4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9A53DCAE-15B1-4150-8A4F-EE672109158A}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{9C87FDF3-5A6E-4164-B5E0-63B9A95E7004}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{9D88428B-69BF-42C8-8D79-9B05033BBF7B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{A0BB3638-15AB-4369-8E6F-4845858BF637}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe | 
"{A62DCED7-6A06-4A1F-9E22-5615A7012006}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe | 
"{A983E2E2-1D7A-4D7A-BE58-049729767CA3}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe | 
"{AA4C476A-15A8-4906-A87E-E030A932E2DD}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{AB183F35-3D12-433A-83F6-C12C91EBE51A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{ABD8BF7C-C9B7-4C6E-90CE-A0305605B9B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{AC701468-614E-4C65-854D-78065A2F4622}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{B0BF9390-7BB5-465F-A2EF-6F3F68294987}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{BB4C1A59-3668-4365-8890-CAF393219A91}" = protocol=6 | dir=in | app=d:\pc spiele\gears of war\binaries\wargame-g4wlive.exe | 
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{BED37DA5-CCC7-4127-9399-7C9540180E26}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C1CAEDF8-58A8-4EB1-A26D-0AF0F53F123F}" = protocol=17 | dir=in | app=d:\pc spiele\kane&lynch\kaneandlynch.exe | 
"{C318C7B3-74B0-432F-8D18-56C555CBD326}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{C4A7F102-7ED7-4C5B-8A7A-1F882355E324}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{C6256626-0912-4990-98D4-697452CAB04F}" = protocol=17 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{C702B647-3647-4722-ABFE-7002B1C5A698}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{C783260A-EA35-441C-936E-8C808C8A99C6}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe | 
"{CE6C5139-02AB-420D-89DB-941D13902D42}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{D351B421-BB61-46E0-A4F9-9B71E717A3D1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{D39353BA-952A-4798-8D76-40B595920E04}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{D3F60A33-9B6A-4598-BE63-A0D44A2594A1}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe | 
"{D6C1A101-9FDF-4849-A2EC-D3B2B51E8D94}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{D7261367-0EB4-4E9E-B03C-A5D7B459F59E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{D84CEABD-9BD6-49DD-87B1-503474E37904}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{DF69DF74-ABBB-4F95-9B5C-997D55348E93}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{E874F2E9-0CA2-48DC-ACBC-2C3E76EFAC7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{E99353F8-2131-483D-9BCA-C8E33D7FC3D7}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | 
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{EAAA9DE9-7DA1-4583-8119-8AFAEC1CE63D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1196697833\ee\aolsoftware.exe | 
"{ECA0D9FE-2F62-4C10-B25E-6B61704E9E16}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe | 
"{EFD48411-205C-4ADD-85D4-B5D73E9AE19B}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe | 
"{F1566BAF-C5BF-48EE-9E0A-CD71351E5E8C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{F22A275C-3996-4B68-9DDD-C2F26D7DFE9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1196336032\ee\aolsoftware.exe | 
"{F6F6DA57-BA61-4367-A504-BD3EC8D1351E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{F95C589B-C1D3-4B77-ABE5-7D0ACE38B25C}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{F9E0BBA9-9818-4CF7-9AD2-EC5AED7FEBCA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{FC2FE601-4E44-402C-9888-4C80411F0066}" = protocol=6 | dir=in | app=d:\pc spiele\fear\fear.exe | 
"{FD254CEB-12B4-48DF-8913-A99BFC0FFC8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{FDE4CF68-1D98-4DB1-A7AF-E5B105519B83}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{FF58AE98-5FF4-4A9F-833D-377DC5180D4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"TCP Query User{01E31ECE-0085-4B72-B20E-3C12BA46A1D3}D:\pc spiele\fear\fpupdate.exe" = protocol=6 | dir=in | app=d:\pc spiele\fear\fpupdate.exe | 
"TCP Query User{090D0BA8-B644-46E8-B74E-35784BCF3068}D:\vga\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\vga\icq6.5\icq.exe | 
"TCP Query User{0EAD0715-7848-4603-83D5-DE6CFEEBEE14}D:\pc spiele\bin32\farcry.exe" = protocol=6 | dir=in | app=d:\pc spiele\bin32\farcry.exe | 
"TCP Query User{52D450CE-4B9D-4E90-A986-86982EAED7B3}D:\pc spiele\pes 2009\pes2009.exe" = protocol=6 | dir=in | app=d:\pc spiele\pes 2009\pes2009.exe | 
"TCP Query User{65097D5C-FFF4-443F-995F-E057B360C2A3}C:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe | 
"TCP Query User{6563F20A-CCAE-4AB5-8DD0-7237C40BB7B8}D:\pc spiele\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=d:\pc spiele\far cry\bin32\farcry.exe | 
"TCP Query User{66F4EF41-2A1D-4EE7-9D04-98E9BB36BFF3}C:\test drive\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\test drive\testdriveunlimited.exe | 
"TCP Query User{6AAA06DC-5610-4300-98F0-2E520A67F83D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{766864EC-B6BC-473A-8ADF-4CF4D7E6815F}F:\kituri\torent\utorrent.exe" = protocol=6 | dir=in | app=f:\kituri\torent\utorrent.exe | 
"TCP Query User{A96EACA2-B7DF-4C1E-B5ED-10E1F36A2997}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{AF5126A3-6396-4291-B79B-383482B04A98}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B681F4F1-30D2-49F3-B339-31AEF74E9CB8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C0149211-4F1B-48C9-A1D0-3DA71AA1933D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{C0DEF41C-1468-4075-AF47-2F77922CDDB5}D:\pc spiele\moh pacific\mohpa.exe" = protocol=6 | dir=in | app=d:\pc spiele\moh pacific\mohpa.exe | 
"TCP Query User{D1FAAEBA-DBDA-4628-98DE-82C66E933EE1}C:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"TCP Query User{FCDA7CF5-EC7A-43AB-AD29-F4DB1D840FCF}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe | 
"TCP Query User{FD31CD66-4500-4512-9940-494900798374}D:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=d:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe | 
"UDP Query User{0702EAAA-0508-42DA-98D5-B7C7B563D43E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{15DD011C-A065-471D-BDDD-5D35A57EBDC2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{2C0B62B4-E381-46A7-A7B4-6FC42593CA0D}D:\pc spiele\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=d:\pc spiele\far cry\bin32\farcry.exe | 
"UDP Query User{2C65ABE8-612F-460C-A135-EEE620FF5ABD}D:\pc spiele\pes 2009\pes2009.exe" = protocol=17 | dir=in | app=d:\pc spiele\pes 2009\pes2009.exe | 
"UDP Query User{2FD7310F-C0E3-459D-B3C2-53CC93AF577F}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe | 
"UDP Query User{38E638F3-6B24-4E67-A874-8BAAF264C253}C:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe | 
"UDP Query User{47064FD9-B422-4E91-97C5-BD3BB49BA6D1}D:\pc spiele\fear\fpupdate.exe" = protocol=17 | dir=in | app=d:\pc spiele\fear\fpupdate.exe | 
"UDP Query User{5F61E3A3-3B58-4970-B30D-76A9B7CDAA47}D:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=d:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe | 
"UDP Query User{5FC7B76C-EB10-4538-8F6D-0F6EDE746A3B}C:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe | 
"UDP Query User{674093BC-7F76-4158-9613-C3A81B9DAF03}D:\pc spiele\moh pacific\mohpa.exe" = protocol=17 | dir=in | app=d:\pc spiele\moh pacific\mohpa.exe | 
"UDP Query User{9A73F0A4-032C-43D6-8071-524596EA7742}D:\pc spiele\bin32\farcry.exe" = protocol=17 | dir=in | app=d:\pc spiele\bin32\farcry.exe | 
"UDP Query User{A1D514EA-D8D6-4791-B34E-F19DA4098975}F:\kituri\torent\utorrent.exe" = protocol=17 | dir=in | app=f:\kituri\torent\utorrent.exe | 
"UDP Query User{AC741147-98D3-4BF2-BAF9-654521B013FF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BF14F94C-C984-4CCE-A5C1-AF5166303232}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{D2C7E5D6-0501-46B1-8A68-B78B1139B176}C:\test drive\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\test drive\testdriveunlimited.exe | 
"UDP Query User{E1968F26-2526-4A32-9EE1-A127430AC318}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{EBFCE35B-F715-468C-B136-660C6718D8EF}D:\vga\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\vga\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}" = Sony Ericsson PC Suite
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = The Witcher Enhanced Edition - "Nebenwirkungen"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{76D6737F-CF8D-4e9c-B3FE-1C65604804E1}" = FotoUp
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9639A939-076D-4fdc-8F0C-F9D531E0E2A6}" = W3FotoUp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2D7C787-7BFD-47b3-AE85-60146221015D}" = C4380_Help
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Sitecom Wireless Network USB Adapter Turbo G WL-172
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F40C0988-E8B1-479b-80BD-D5FADAB9697A}" = C4380_doccd
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2D96D7FEFC2FEFB9F9D638DA8C3C6ECD3BDF9531" = Windows-Treiberpaket - Atheros Communications Inc. (athrusb) Net  (03/26/2008 2.2.0.15)
"3868648A8462AE872BD70533258F5196B59F7823" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187B) Net  (09/04/2007 6.1102.0904.2007)
"58A20748E54772454ED3FD879ADF67B0F2F740AD" = Windows-Treiberpaket - Ralink (netr28u) Net  (04/21/2008 2.01.06.0000)
"76ED8308D49DD425D85813FD8C2AFC6AA75D1099" = Windows-Treiberpaket - Ralink (rt70x86) Net  (10/09/2007 3.01.00.0000)
"7-Zip" = 7-Zip 4.57
"93A6F6D028ABE440673A298C1022FF011EF69A50" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187) Net  (01/30/2007 6.1281.0130.2007)
"A4608AD9231CF116CF8816A4DF61FB9E497FBACA" = Windows-Treiberpaket - Ralink Technology, Corp. (netr28) Net  (05/19/2008 2.00.06.0000)
"A7FCE32D22855DCF300C7415E453EFBE8549AC46" = Windows-Treiberpaket - Ralink (netr73) Net  (02/26/2008 3.01.04.0000)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Premium
"C06E598F706862939966091EF919ACEB82037A3F" = Windows-Treiberpaket - Ralink Technology, Inc. (RT2500) Net  (06/01/2006 3.02.00.0000)
"CCleaner" = CCleaner (remove only)
"Clickster161" = Clickster
"D63EA7FA1ED78B2B5396F0C16AD513F162102F14" = Windows-Treiberpaket - Ralink Technology Corp. (rt61x86) Net  (09/28/2007 2.01.00.0000)
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v4.60
"facemoods" = facemoods
"Free Fire Screensaver" = Free Fire Screensaver
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"Grand Theft Auto IV Screenshot" = Grand Theft Auto IV Screenshot Screen Saver
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Nano" = Nano 1.1.1
"NAVIGON Fresh" = NAVIGON Fresh 1.4.6
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SeaStorm 3D Screensaver" = SeaStorm 3D Screensaver (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.04.2011 11:03:26 | Computer Name = KIMI | Source = LoadPerf | ID = 3012
Description = 
 
Error - 27.04.2011 11:03:26 | Computer Name = KIMI | Source = LoadPerf | ID = 3011
Description = 
 
Error - 27.04.2011 11:10:47 | Computer Name = KIMI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 15.4.3508.1109, Zeitstempel
 0x4cda7240, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00310045,  Prozess-ID 0xfd0, Anwendungsstartzeit
 01cc04eb461ff6e8.
 
Error - 27.04.2011 15:22:28 | Computer Name = KIMI | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
 Fehler auf.  Die Resource 'GAVID_SRV' wurde nicht zugewiesen.  Der Grund hierfür könnte
 zu wenig Hauptspeicher oder ein anderer Systemfehler sein.  Fehlercode: 0x5
 
Error - 27.04.2011 15:22:28 | Computer Name = KIMI | Source = Avira AntiVir | ID = 4122
Description = Die Datei GAVID_SRV konnte nicht geladen werden.  Fehlercode: 0x5
 
Error - 27.04.2011 15:23:02 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.04.2011 15:23:02 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.04.2011 11:02:36 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.04.2011 11:02:36 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.04.2011 11:04:14 | Computer Name = KIMI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 15.4.3508.1109, Zeitstempel
 0x4cda7240, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf9c, Anwendungsstartzeit
 01cc05b5428dda90.
 
[ System Events ]
Error - 07.04.2011 16:04:09 | Computer Name = KIMI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.04.2011 um 22:02:28 unerwartet heruntergefahren.
 
Error - 10.04.2011 04:20:15 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 16.04.2011 14:14:47 | Computer Name = KIMI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.04.2011 um 20:13:11 unerwartet heruntergefahren.
 
Error - 20.04.2011 15:24:52 | Computer Name = KIMI | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A276DE79-56F2-4C3D-9808-91BDD051C09A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 23.04.2011 09:43:39 | Computer Name = KIMI | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 23.04.2011 15:59:17 | Computer Name = KIMI | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.04.2011 03:24:40 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 03:32:52 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 04:00:14 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 25.04.2011 04:30:14 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
--- --- ---

-----------------------------------------------------------------------------------

OTL.TxtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.04.2011 17:42:08 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\7\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 64,92 Gb Free Space | 44,99% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 92,51 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
 
Computer Name: KIMI | User Name: 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Users\7\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\7\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (gmer) -- C:\Windows\System32\drivers\gmer.sys (GMER)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://de.search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/7/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_498ebeee.pac"
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.28 13:50:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.25 16:34:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.25 16:34:39 | 000,000,000 | ---D | M]
 
[2008.12.01 18:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Extensions
[2011.04.26 17:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions
[2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 21:38:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.26 17:14:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 10:19:08 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com
[2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011.04.23 19:32:20 | 000,001,056 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml
[2010.01.25 20:07:02 | 000,003,915 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml
[2011.04.25 16:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.27 20:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.10 10:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.25 18:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 10:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.18 22:53:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.04.11 19:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.27 20:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.10 10:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.25 18:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 10:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.18 22:53:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2010.11.22 20:43:34 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\7\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\7\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 17:12:16 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.28 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E}
[2011.04.27 21:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2011.04.27 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E}
[2011.04.26 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35}
[2011.04.26 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A}
[2011.04.25 10:48:06 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Malwarebytes
[2011.04.25 10:47:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.25 10:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.25 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.25 10:47:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.25 10:47:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.25 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8}
[2011.04.24 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6}
[2011.04.23 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60}
[2011.04.23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3}
[2011.04.23 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3}
[2011.04.22 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48}
[2011.04.21 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E}
[2011.04.20 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881}
[2011.04.19 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784}
[2011.04.19 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262}
[2011.04.18 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249}
[2011.04.17 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D}
[2011.04.16 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE}
[2011.04.15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591}
[2011.04.14 17:16:46 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D}
[2011.04.13 21:30:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 21:30:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 21:29:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 21:29:58 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 21:29:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 21:29:52 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB}
[2011.04.12 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5}
[2011.04.11 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667}
[2011.04.11 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5}
[2011.04.10 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C}
[2011.04.09 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA}
[2011.04.07 21:48:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.07 21:48:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.07 21:48:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.07 21:48:19 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.07 21:48:19 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.07 21:48:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.07 21:48:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.07 21:48:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.07 21:48:18 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.07 21:48:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.07 21:48:18 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.07 21:48:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.07 21:48:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.07 21:48:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.07 21:48:17 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.07 21:48:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.07 21:48:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.07 21:48:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.07 21:48:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.07 21:48:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.07 21:48:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.07 21:48:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.07 21:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.07 21:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.07 21:48:16 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.07 21:48:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.07 21:48:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.07 21:48:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.07 21:48:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.07 21:48:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.07 21:48:15 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.07 21:48:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.07 21:48:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.07 21:48:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.07 21:48:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.07 21:48:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.07 21:48:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.07 21:48:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.07 21:48:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.07 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B}
[2011.04.07 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588}
[2011.04.06 17:57:32 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B}
[2011.04.05 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD}
[2011.04.04 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230}
[2011.04.03 09:04:25 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055}
[2011.04.02 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC}
[2011.04.01 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B}
[2011.03.31 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C}
[2011.03.30 17:11:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498}
[2009.11.30 19:35:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7119.dll
[2007.10.29 16:40:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 17:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 17:04:31 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.28 17:01:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 17:01:55 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 17:01:55 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 17:01:51 | 000,036,533 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.28 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 17:03:30 | 020,142,370 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.27 17:03:30 | 006,595,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.27 17:03:30 | 006,461,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.27 17:03:30 | 005,836,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 19:43:49 | 000,000,784 | ---- | M] () -- C:\Users\7\Desktop\OTL - Verknüpfung.lnk
[2011.04.25 16:58:41 | 000,000,554 | ---- | M] () -- C:\Users\7\Desktop\unhide - Verknüpfung.lnk
[2011.04.25 16:34:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.25 10:47:35 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 09:29:21 | 000,000,392 | ---- | M] () -- C:\ProgramData\34594568
[2011.04.25 09:27:06 | 000,000,120 | ---- | M] () -- C:\ProgramData\~34594568
[2011.04.25 09:27:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34594568r
[2011.04.25 09:19:29 | 000,036,533 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.24 16:57:05 | 000,008,592 | ---- | M] () -- C:\Users\7\AppData\Local\d3d9caps.dat
[2011.04.16 20:14:41 | 185,343,855 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.14 17:13:27 | 000,324,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.07 21:48:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.07 21:48:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.07 21:48:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.07 21:48:20 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.07 21:48:19 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.07 21:48:19 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.07 21:48:19 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.07 21:48:19 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.07 21:48:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.07 21:48:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.07 21:48:18 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.07 21:48:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.07 21:48:18 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.07 21:48:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.07 21:48:17 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.07 21:48:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.07 21:48:17 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.07 21:48:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.07 21:48:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.07 21:48:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.07 21:48:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.07 21:48:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.07 21:48:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.07 21:48:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.07 21:48:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.07 21:48:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.07 21:48:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.07 21:48:16 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.07 21:48:16 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.07 21:48:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.07 21:48:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.07 21:48:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.07 21:48:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.07 21:48:15 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.07 21:48:15 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.07 21:48:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.07 21:48:15 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.07 21:48:15 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.07 21:48:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.07 21:48:15 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.07 21:48:15 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.07 21:48:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.26 19:43:49 | 000,000,784 | ---- | C] () -- C:\Users\7\Desktop\OTL - Verknüpfung.lnk
[2011.04.25 16:58:41 | 000,000,554 | ---- | C] () -- C:\Users\7\Desktop\unhide - Verknüpfung.lnk
[2011.04.25 16:34:44 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.25 16:34:44 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.25 10:47:35 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.25 09:27:05 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34594568r
[2011.04.25 09:27:05 | 000,000,120 | ---- | C] () -- C:\ProgramData\~34594568
[2011.04.25 09:26:42 | 000,000,392 | ---- | C] () -- C:\ProgramData\34594568
[2011.04.07 21:48:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.07.28 13:49:41 | 000,023,657 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.07.15 15:56:34 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2009.12.29 21:23:32 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.12.03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.26 18:03:16 | 000,036,533 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.26 18:01:11 | 000,036,533 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.26 15:40:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.26 15:40:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.10 20:15:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.01.12 19:14:17 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.16 22:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.12.16 22:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008.10.08 10:57:49 | 000,000,464 | ---- | C] () -- C:\Users\7\AppData\Roaming\Patch-Master.exe.ini
[2008.10.08 10:57:49 | 000,000,000 | ---- | C] () -- C:\Users\7\AppData\Roaming\Patch-Master.exe.dat
[2008.08.14 13:15:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.03 11:49:41 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.07.03 11:49:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.05.20 07:57:30 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2008.02.27 11:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[2008.02.15 17:07:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.02.07 21:50:15 | 000,585,791 | ---- | C] () -- C:\Windows\gmer.dll
[2008.02.07 21:50:15 | 000,581,632 | ---- | C] () -- C:\Windows\gmer.exe
[2008.02.07 21:50:15 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2008.01.08 17:28:47 | 000,048,640 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2008.01.02 19:25:41 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.01.02 19:25:39 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.12.20 14:50:52 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe
[2007.12.20 14:50:52 | 000,000,789 | ---- | C] () -- C:\Windows\unins000.dat
[2007.12.14 12:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2007.12.14 10:37:32 | 000,008,592 | ---- | C] () -- C:\Users\7\AppData\Local\d3d9caps.dat
[2007.12.13 21:56:50 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.08 20:53:41 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini
[2007.12.06 14:28:21 | 000,035,840 | ---- | C] () -- C:\Users\7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.05 19:58:32 | 000,000,089 | ---- | C] () -- C:\Users\7\AppData\Local\fusioncache.dat
[2007.11.29 15:15:33 | 000,166,995 | ---- | C] () -- C:\Windows\hpoins21.dat
[2007.11.29 15:15:33 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007.11.28 13:13:38 | 000,000,819 | ---- | C] () -- C:\Windows\aolback.exe.lnk
[2007.11.28 13:11:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.11.23 10:57:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.11.23 10:57:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.11.20 21:44:18 | 000,001,650 | ---- | C] () -- C:\Users\7\AppData\Roaming\wklnhst.dat
[2007.11.19 23:08:06 | 000,000,022 | ---- | C] () -- C:\Windows\msoffice.ini
[2007.10.29 16:42:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2007.10.29 16:42:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2007.10.29 16:40:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.07.26 21:28:01 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini
[2007.07.26 19:31:59 | 000,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 020,142,370 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 006,461,834 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,324,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 006,595,066 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 005,836,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll
[2005.01.25 16:15:42 | 000,010,240 | R--- | C] () -- C:\Windows\System32\PA207USD.DLL
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Bioshock
[2007.11.21 10:37:03 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\eSobi
[2009.02.09 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\GlarySoft
[2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\gtk-2.0
[2010.11.17 22:04:40 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Guitar Pro 6
[2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Gutscheinmieze
[2011.02.04 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\ICQ
[2008.08.19 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Leadertech
[2010.05.11 08:39:28 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Lexware
[2011.04.25 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\ProtectDisc
[2011.04.25 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Stellarium
[2007.12.05 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\T-Online
[2008.06.01 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Teleca
[2007.11.20 21:44:32 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Template
[2009.11.22 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Tobit
[2009.02.08 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Tunebite
[2007.12.08 21:02:52 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Ulead Systems
[2008.12.15 16:14:20 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\uTorrent
[2008.12.01 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Windows-Optimierer
[2008.04.09 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Xilisoft Corporation
[2011.04.27 22:12:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Gruß


Alt 28.04.2011, 18:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
[2011.04.25 09:27:05 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34594568r
[2011.04.25 09:27:05 | 000,000,120 | ---- | C] () -- C:\ProgramData\~34594568
[2011.04.25 09:26:42 | 000,000,392 | ---- | C] () -- C:\ProgramData\34594568
[2011.04.07 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B}
[2011.04.07 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588}
[2011.04.06 17:57:32 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B}
[2011.04.05 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD}
[2011.04.04 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230}
[2011.04.03 09:04:25 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055}
[2011.04.02 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC}
[2011.04.01 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B}
[2011.03.31 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C}
[2011.03.30 17:11:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498}
[2011.04.28 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E}
[2011.04.27 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E}
[2011.04.26 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35}
[2011.04.26 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A}
[2011.04.25 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8}
[2011.04.24 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6}
[2011.04.23 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60}
[2011.04.23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3}
[2011.04.23 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3}
[2011.04.22 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48}
[2011.04.21 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E}
[2011.04.20 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881}
[2011.04.19 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784}
[2011.04.19 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262}
[2011.04.18 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249}
[2011.04.17 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D}
[2011.04.16 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE}
[2011.04.15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591}
[2011.04.14 17:16:46 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D}
[2011.04.13 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB}
[2011.04.12 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5}
[2011.04.11 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667}
[2011.04.11 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5}
[2011.04.10 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C}
[2011.04.09 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA}
O32 - HKLM CDRom: AutoRun - 1
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
[2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.25 21:38:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.26 17:14:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 10:19:08 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com
[2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011.04.23 19:32:20 | 000,001,056 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml
[2010.01.25 20:07:02 | 000,003,915 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.de/"
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> Windows Recovery Malware

Alt 28.04.2011, 20:55   #7
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Hier der OTL Fix Log:

All processes killed
========== OTL ==========
File C:\ProgramData\~34594568r not found.
File C:\ProgramData\~34594568 not found.
File C:\ProgramData\34594568 not found.
Folder C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B}\ not found.
Folder C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588}\ not found.
Folder C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B}\ not found.
Folder C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD}\ not found.
Folder C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230}\ not found.
Folder C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055}\ not found.
Folder C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC}\ not found.
Folder C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B}\ not found.
Folder C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C}\ not found.
Folder C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498}\ not found.
Folder C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E}\ not found.
Folder C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E}\ not found.
Folder C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35}\ not found.
Folder C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A}\ not found.
Folder C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8}\ not found.
Folder C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6}\ not found.
Folder C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60}\ not found.
Folder C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3}\ not found.
Folder C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3}\ not found.
Folder C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48}\ not found.
Folder C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E}\ not found.
Folder C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881}\ not found.
Folder C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784}\ not found.
Folder C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262}\ not found.
Folder C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249}\ not found.
Folder C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D}\ not found.
Folder C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE}\ not found.
Folder C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591}\ not found.
Folder C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D}\ not found.
Folder C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB}\ not found.
Folder C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5}\ not found.
Folder C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667}\ not found.
Folder C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5}\ not found.
Folder C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C}\ not found.
Folder C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\ not found.
Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com\ not found.
Folder C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de\ not found.
File C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml not found.
File C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml not found.
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.yahoo.de/" removed from browser.startup.homepage
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 7
->Temp folder emptied: 87146 bytes
->Temporary Internet Files folder emptied: 33287 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7246161 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100167278 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 103,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04282011_215015

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 28.04.2011, 21:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.04.2011, 21:19   #9
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Hier das Kaspersky Log:

2011/04/28 22:15:33.0440 6068 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 22:15:34.0080 6068 ================================================================================
2011/04/28 22:15:34.0080 6068 SystemInfo:
2011/04/28 22:15:34.0080 6068
2011/04/28 22:15:34.0080 6068 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/28 22:15:34.0080 6068 Product type: Workstation
2011/04/28 22:15:34.0080 6068 ComputerName: KIMI
2011/04/28 22:15:34.0080 6068 UserName: 7
2011/04/28 22:15:34.0080 6068 Windows directory: C:\Windows
2011/04/28 22:15:34.0080 6068 System windows directory: C:\Windows
2011/04/28 22:15:34.0080 6068 Processor architecture: Intel x86
2011/04/28 22:15:34.0080 6068 Number of processors: 2
2011/04/28 22:15:34.0080 6068 Page size: 0x1000
2011/04/28 22:15:34.0080 6068 Boot type: Normal boot
2011/04/28 22:15:34.0080 6068 ================================================================================
2011/04/28 22:15:35.0156 6068 Initialize success
2011/04/28 22:16:26.0106 4532 ================================================================================
2011/04/28 22:16:26.0106 4532 Scan started
2011/04/28 22:16:26.0106 4532 Mode: Manual;
2011/04/28 22:16:26.0106 4532 ================================================================================
2011/04/28 22:16:26.0761 4532 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\Windows\system32\drivers\ACEDRV07.sys
2011/04/28 22:16:26.0808 4532 acedrv11 (27f954120babb8a00f8745d8f5bc9b82) C:\Windows\system32\drivers\acedrv11.sys
2011/04/28 22:16:26.0948 4532 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/28 22:16:27.0198 4532 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/28 22:16:27.0323 4532 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/28 22:16:27.0354 4532 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/28 22:16:27.0432 4532 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/28 22:16:27.0619 4532 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/28 22:16:27.0681 4532 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/28 22:16:27.0822 4532 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/28 22:16:27.0884 4532 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/28 22:16:28.0009 4532 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/28 22:16:28.0181 4532 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/28 22:16:28.0337 4532 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/28 22:16:28.0477 4532 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/28 22:16:28.0664 4532 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/28 22:16:28.0727 4532 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/28 22:16:28.0898 4532 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/28 22:16:28.0961 4532 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/28 22:16:29.0070 4532 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/28 22:16:29.0179 4532 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/28 22:16:29.0288 4532 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/28 22:16:29.0335 4532 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/28 22:16:29.0460 4532 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/28 22:16:29.0553 4532 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/28 22:16:29.0663 4532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/28 22:16:29.0694 4532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/28 22:16:29.0741 4532 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/28 22:16:29.0865 4532 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/28 22:16:29.0897 4532 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/28 22:16:29.0928 4532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/28 22:16:30.0037 4532 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/28 22:16:30.0099 4532 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/28 22:16:30.0209 4532 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/28 22:16:30.0271 4532 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/28 22:16:30.0318 4532 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/28 22:16:30.0458 4532 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/28 22:16:30.0489 4532 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/28 22:16:30.0536 4532 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/28 22:16:30.0583 4532 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/28 22:16:30.0739 4532 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/28 22:16:30.0801 4532 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/28 22:16:30.0926 4532 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/28 22:16:31.0051 4532 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/28 22:16:31.0113 4532 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/28 22:16:31.0238 4532 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/28 22:16:31.0332 4532 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/28 22:16:31.0457 4532 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/28 22:16:31.0597 4532 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/28 22:16:31.0691 4532 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/28 22:16:31.0862 4532 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/28 22:16:31.0925 4532 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/28 22:16:32.0034 4532 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/28 22:16:32.0096 4532 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/28 22:16:32.0221 4532 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/28 22:16:32.0252 4532 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/28 22:16:32.0299 4532 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/28 22:16:32.0439 4532 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/28 22:16:32.0502 4532 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/28 22:16:32.0611 4532 gmer (35b24c17f8aea65cabc4a4e63e88ac45) C:\Windows\system32\DRIVERS\gmer.sys
2011/04/28 22:16:32.0689 4532 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/28 22:16:32.0814 4532 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/28 22:16:32.0861 4532 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/28 22:16:32.0970 4532 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/28 22:16:33.0032 4532 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/28 22:16:33.0141 4532 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/28 22:16:33.0219 4532 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/28 22:16:33.0329 4532 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/28 22:16:33.0391 4532 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/28 22:16:33.0500 4532 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys
2011/04/28 22:16:33.0547 4532 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/28 22:16:33.0703 4532 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/28 22:16:33.0843 4532 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/04/28 22:16:34.0124 4532 IntcAzAudAddService (75334eceef6f39eec569f2f445254eda) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/28 22:16:34.0249 4532 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/28 22:16:34.0296 4532 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/28 22:16:34.0343 4532 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/28 22:16:34.0483 4532 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/28 22:16:34.0545 4532 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/28 22:16:34.0639 4532 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/28 22:16:34.0701 4532 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/28 22:16:34.0748 4532 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/28 22:16:34.0842 4532 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/28 22:16:34.0904 4532 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/28 22:16:34.0951 4532 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/28 22:16:35.0060 4532 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/28 22:16:35.0123 4532 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/04/28 22:16:35.0169 4532 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/28 22:16:35.0325 4532 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/28 22:16:35.0372 4532 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/28 22:16:35.0450 4532 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/28 22:16:35.0528 4532 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/28 22:16:35.0575 4532 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/28 22:16:35.0622 4532 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/28 22:16:35.0731 4532 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\Windows\system32\Drivers\LVPr2Mon.sys
2011/04/28 22:16:35.0793 4532 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/28 22:16:35.0918 4532 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\Windows\system32\drivers\LVUSBSta.sys
2011/04/28 22:16:36.0121 4532 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/04/28 22:16:36.0386 4532 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/28 22:16:36.0449 4532 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/28 22:16:36.0573 4532 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/04/28 22:16:36.0620 4532 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/28 22:16:36.0651 4532 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/28 22:16:36.0745 4532 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/28 22:16:36.0792 4532 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/28 22:16:36.0854 4532 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/28 22:16:36.0948 4532 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/28 22:16:37.0010 4532 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/28 22:16:37.0088 4532 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/28 22:16:37.0197 4532 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/28 22:16:37.0260 4532 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/28 22:16:37.0307 4532 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/28 22:16:37.0416 4532 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/28 22:16:37.0431 4532 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/28 22:16:37.0525 4532 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/28 22:16:37.0634 4532 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/28 22:16:37.0697 4532 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/28 22:16:37.0790 4532 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/28 22:16:37.0837 4532 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/28 22:16:37.0884 4532 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/28 22:16:38.0009 4532 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/28 22:16:38.0055 4532 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/28 22:16:38.0165 4532 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/28 22:16:38.0258 4532 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/28 22:16:38.0383 4532 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/28 22:16:38.0461 4532 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/28 22:16:38.0539 4532 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/28 22:16:38.0601 4532 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/28 22:16:38.0648 4532 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/28 22:16:38.0773 4532 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/28 22:16:38.0851 4532 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/28 22:16:38.0976 4532 netr73 (91d44aa2a61006136da32118a179bf12) C:\Windows\system32\DRIVERS\netr73.sys
2011/04/28 22:16:39.0054 4532 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/28 22:16:39.0179 4532 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/28 22:16:39.0241 4532 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/28 22:16:39.0350 4532 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/28 22:16:39.0459 4532 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/28 22:16:39.0506 4532 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/28 22:16:39.0615 4532 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/28 22:16:39.0927 4532 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/28 22:16:40.0271 4532 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/28 22:16:40.0317 4532 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/28 22:16:40.0427 4532 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/28 22:16:40.0536 4532 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/28 22:16:40.0676 4532 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/04/28 22:16:40.0723 4532 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/28 22:16:40.0754 4532 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/28 22:16:40.0863 4532 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/28 22:16:40.0926 4532 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/28 22:16:41.0051 4532 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/28 22:16:41.0129 4532 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/28 22:16:41.0347 4532 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/28 22:16:41.0409 4532 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/28 22:16:41.0565 4532 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/28 22:16:41.0612 4532 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/04/28 22:16:41.0643 4532 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
2011/04/28 22:16:41.0753 4532 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
2011/04/28 22:16:41.0799 4532 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/28 22:16:41.0862 4532 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/28 22:16:41.0987 4532 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/28 22:16:42.0049 4532 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/28 22:16:42.0080 4532 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/28 22:16:42.0205 4532 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/28 22:16:42.0267 4532 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/28 22:16:42.0330 4532 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/28 22:16:42.0423 4532 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/28 22:16:42.0470 4532 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/28 22:16:42.0595 4532 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/28 22:16:42.0642 4532 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/28 22:16:42.0782 4532 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/28 22:16:42.0876 4532 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/28 22:16:42.0985 4532 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/28 22:16:43.0032 4532 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\Windows\system32\DRIVERS\rt73.sys
2011/04/28 22:16:43.0094 4532 RTL8169 (13e97cf38286b8a1d7605d3175db28ee) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/28 22:16:43.0203 4532 s116bus (815445f4676cc96bc9aeec303c727e19) C:\Windows\system32\DRIVERS\s116bus.sys
2011/04/28 22:16:43.0235 4532 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\Windows\system32\DRIVERS\s116mdfl.sys
2011/04/28 22:16:43.0281 4532 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\Windows\system32\DRIVERS\s116mdm.sys
2011/04/28 22:16:43.0391 4532 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\Windows\system32\DRIVERS\s116mgmt.sys
2011/04/28 22:16:43.0437 4532 s116nd5 (306f85733671fe507470f0273025e768) C:\Windows\system32\DRIVERS\s116nd5.sys
2011/04/28 22:16:43.0484 4532 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\Windows\system32\DRIVERS\s116obex.sys
2011/04/28 22:16:43.0515 4532 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\Windows\system32\DRIVERS\s116unic.sys
2011/04/28 22:16:43.0640 4532 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/28 22:16:43.0703 4532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/28 22:16:43.0827 4532 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/28 22:16:43.0874 4532 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/28 22:16:43.0937 4532 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/28 22:16:44.0030 4532 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/28 22:16:44.0108 4532 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/28 22:16:44.0139 4532 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/28 22:16:44.0233 4532 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/28 22:16:44.0249 4532 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/28 22:16:44.0295 4532 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/28 22:16:44.0342 4532 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/28 22:16:44.0373 4532 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/28 22:16:44.0529 4532 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/28 22:16:44.0607 4532 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
2011/04/28 22:16:44.0748 4532 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/28 22:16:44.0810 4532 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/28 22:16:44.0919 4532 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/28 22:16:44.0951 4532 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/28 22:16:44.0997 4532 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/28 22:16:45.0060 4532 ssm_bus (df5c19f053eff7f8ba25d73aea899656) C:\Windows\system32\DRIVERS\ssm_bus.sys
2011/04/28 22:16:45.0153 4532 ssm_mdfl (5347169fa449eabc4d0728ae39fab926) C:\Windows\system32\DRIVERS\ssm_mdfl.sys
2011/04/28 22:16:45.0216 4532 ssm_mdm (7aae23dd105eed15c4f45fc269fa42a9) C:\Windows\system32\DRIVERS\ssm_mdm.sys
2011/04/28 22:16:45.0341 4532 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/28 22:16:45.0403 4532 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/28 22:16:45.0481 4532 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/28 22:16:45.0512 4532 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/28 22:16:45.0575 4532 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\Windows\system32\drivers\tbhsd.sys
2011/04/28 22:16:45.0684 4532 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/28 22:16:45.0762 4532 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/28 22:16:45.0840 4532 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/28 22:16:45.0887 4532 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/28 22:16:45.0980 4532 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/28 22:16:46.0089 4532 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/28 22:16:46.0152 4532 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/28 22:16:46.0261 4532 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/28 22:16:46.0355 4532 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/28 22:16:46.0417 4532 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/28 22:16:46.0464 4532 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/28 22:16:46.0542 4532 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/28 22:16:46.0620 4532 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/28 22:16:46.0682 4532 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/28 22:16:46.0745 4532 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/28 22:16:46.0791 4532 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/28 22:16:46.0854 4532 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/28 22:16:46.0947 4532 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/28 22:16:47.0057 4532 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/28 22:16:47.0119 4532 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/28 22:16:47.0213 4532 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/28 22:16:47.0259 4532 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/28 22:16:47.0306 4532 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/28 22:16:47.0369 4532 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/28 22:16:47.0462 4532 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/28 22:16:47.0556 4532 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/28 22:16:47.0649 4532 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/28 22:16:47.0727 4532 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/28 22:16:47.0790 4532 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/28 22:16:47.0868 4532 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/28 22:16:47.0930 4532 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/28 22:16:47.0961 4532 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/28 22:16:48.0024 4532 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/28 22:16:48.0133 4532 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/28 22:16:48.0211 4532 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/28 22:16:48.0273 4532 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/28 22:16:48.0383 4532 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/28 22:16:48.0445 4532 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 22:16:48.0476 4532 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 22:16:48.0585 4532 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
2011/04/28 22:16:48.0648 4532 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/28 22:16:48.0726 4532 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/28 22:16:48.0944 4532 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/28 22:16:49.0038 4532 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/28 22:16:49.0100 4532 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/28 22:16:49.0241 4532 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/28 22:16:49.0287 4532 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
2011/04/28 22:16:49.0381 4532 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
2011/04/28 22:16:49.0568 4532 ================================================================================
2011/04/28 22:16:49.0568 4532 Scan finished
2011/04/28 22:16:49.0568 4532 ================================================================================


Gruß

Geändert von Spirit_1 (28.04.2011 um 21:26 Uhr)

Alt 29.04.2011, 09:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.04.2011, 18:30   #11
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



So, hab nun schon vier mal probiert ComboFix laufen zu lassen, allerdings stürzt der PC jedesmal kurz vor ende des Scans mit einem BlueScreen ab.

Der Virenscanner ist Deaktiviert und andere Hintergrundwächter sind nicht Installiert, auch Maus und Tastatur wurden während des Scans nicht benutzt.

Werde es weiter probieren!

Gruß

Alt 29.04.2011, 20:51   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Starte Windows neu, lösch die alte cofi.exe, lade CF neu als cofi.exe runter und probier es bitte nochmal.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.04.2011, 08:36   #13
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Klappt auch so nicht, es kommt erneut kurz vor ende des Scans(Stufe 32) zu einem BlueScreen.
Es ist wirklich zum haare raufen.

Alt 01.05.2011, 12:15   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.05.2011, 13:01   #15
Spirit_1
 
Windows Recovery Malware - Standard

Windows Recovery Malware



Zitat:
Ordner C:\Qoobox in eine Datei zippen
Hi,

Sorry, aber wo kann ich Qoobox finden?
hab alles durchsucht, kann den Ordner aber nicht finden.

Gruß

Edit:So hat jetzt alles prima geklappt, Datei wurde Erfolgreich Hochgeladen!

Geändert von Spirit_1 (01.05.2011 um 13:22 Uhr)

Antwort

Themen zu Windows Recovery Malware
anti-malware, appdata, dateien, desktop, entfernt, explorer, heute, infizierte, install, malwar, malware, malwarebytes, microsoft, recovery, richtig, roaming, scan, service, software, start, start menu, temp, trojan.fakealert, trojaner, version, windows, wirklich




Ähnliche Themen: Windows Recovery Malware


  1. Data Recovery Malware eingefangen und gemäß Anleitung hier bekämpft
    Log-Analyse und Auswertung - 06.11.2011 (1)
  2. Recovery-Opfer nach malware geht es wie mit otl weiter
    Log-Analyse und Auswertung - 25.06.2011 (9)
  3. Windows XP Recovery GAU
    Plagegeister aller Art und deren Bekämpfung - 18.06.2011 (15)
  4. Windows Recovery
    Log-Analyse und Auswertung - 10.06.2011 (20)
  5. Malware Windows Recovery
    Plagegeister aller Art und deren Bekämpfung - 11.05.2011 (23)
  6. Windows recovery Malware
    Log-Analyse und Auswertung - 09.05.2011 (11)
  7. Windows Recovery Malware
    Log-Analyse und Auswertung - 08.05.2011 (22)
  8. Windows Recovery auf PC
    Log-Analyse und Auswertung - 08.05.2011 (6)
  9. Windows Recovery
    Log-Analyse und Auswertung - 04.05.2011 (7)
  10. Diverse Trojaner, Nicht mehr funktionsfähiges AntiVir, Windows Recovery Malware
    Log-Analyse und Auswertung - 25.04.2011 (1)
  11. Windows Recovery :(
    Plagegeister aller Art und deren Bekämpfung - 24.04.2011 (1)
  12. Malware Windows Recovery !
    Log-Analyse und Auswertung - 21.04.2011 (4)
  13. Nach Windows-Recovery (?) Befall und Entfernen via Malware schwarzer Hintergrund und alle Daten weg
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (23)
  14. Windows Recovery Malware. Halbwegs beseitigt.
    Log-Analyse und Auswertung - 15.04.2011 (20)
  15. 'Windows Recovery' Rogue Malware / nun unerwünschte Umleitungen auf andere Seiten
    Log-Analyse und Auswertung - 14.04.2011 (1)
  16. Windows Recovery Malware Logfiles
    Log-Analyse und Auswertung - 14.04.2011 (11)
  17. Probleme nach Windows Recovery Malware Befall
    Log-Analyse und Auswertung - 07.04.2011 (37)

Zum Thema Windows Recovery Malware - Hallo, da mich der Windows Recovery Trojaner nun auch getroffen hat, habe ich mich hier angemeldet. Habe bereits ein Malwarebytes Scan durchlaufen lassen, dadurch wurden alle Infizierten Objekte Entfernt und - Windows Recovery Malware...
Archiv
Du betrachtest: Windows Recovery Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.